Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

The version 1.2.0 generates an unexpected error #26

Closed
luiscaciatori opened this issue Jun 9, 2021 · 5 comments
Closed

The version 1.2.0 generates an unexpected error #26

luiscaciatori opened this issue Jun 9, 2021 · 5 comments
Labels
bug Something isn't working

Comments

@luiscaciatori
Copy link

Recently testing the version 1.2.0, before update the library. I received the error bellow, when I try to persist a new row or read something from Postgres already encrypt.

Elixir version 1.11.3 + OTP 23

** (ErlangError) Erlang error: {:badarg, {'aead.c', 90}, 'Unknown cipher'}
(crypto 5.0) :crypto.aead_cipher_nif(:aes_256_gcm, <<...>>, <<...>>, <<...>>, "AES256GCM", <<...>>, false)

The tests pass but when I run the application the error happens.
@luiscaciatori luiscaciatori changed the title How to upgrade from 1.1.1 to 1.2.0 without generate an error? The version 1.2.0 generates an unexpected error Jun 9, 2021
@woylie
Copy link

woylie commented Aug 2, 2021

We have the same error after upgrading from Cloak 1.1.0 and OTP 23 to Cloak 1.2.0 and OTP 24. The Elixir version remained unchanged on 1.12.2 during the update.

@woylie
Copy link

woylie commented Aug 2, 2021

Here's a stack trace:

ErlangError: Erlang error: {:badarg, {'aead.c', 90}, 'Unknown cipher'}
  Module "crypto", in :crypto.aead_cipher/7
  File "lib/cloak/ciphers/aes_gcm.ex", line 65, in Cloak.Ciphers.AES.GCM.decrypt/2
  File "lib/cloak_ecto/type.ex", line 64, in CircleApp.Ecto.EncryptedBinary.load/1
  File "lib/ecto/type.ex", line 894, in Ecto.Type.process_loaders/3
  File "lib/ecto/repo/queryable.ex", line 406, in Ecto.Repo.Queryable.struct_load!/6
  File "lib/ecto/repo/queryable.ex", line 238, in anonymous fn/5 in Ecto.Repo.Queryable.preprocessor/3
  File "lib/enum.ex", line 1582, in Enum."-map/2-lists^map/1-0-"/2
  File "lib/ecto/repo/queryable.ex", line 229, in Ecto.Repo.Queryable.execute/4

@woylie
Copy link

woylie commented Aug 2, 2021
edited

I noticed that this error can occur if a key with an invalid length is used. I wonder whether the new :crypto functions have stricter validation for the key that is passed as an argument, or maybe it has to do with the retired cipher names that didn't specify the key size. This error occurred only in prod for us, but not on stage or locally, which might point to a key with a wrong length being configured for prod.

@woylie
Copy link

woylie commented Aug 3, 2021

Solved in our case by rotating the key on cloak_ecto 1.1.1 / OTP 23 and upgrading to 1.2.0 / OTP 24 after that.

@danielberkompas danielberkompas added the bug Something isn't working label Jun 17, 2022
@danielberkompas
Copy link
Owner

It sounds like the invalid key length was likely the problem. If anyone else encounters this feel free to comment and I'll reopen for more investigation.

@danielberkompas danielberkompas closed this as not planned Won't fix, can't repro, duplicate, stale Jun 17, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@danielberkompas @luiscaciatori @woylie