campeon23 / split-fetcher

The code is a concurrent file downloader in Go that splits a file into multiple parts, downloads them in parallel, and assembles the final file, with support for Etag validation to ensure file integrity.
MIT License

Transition to AEAD Modes for Improved Security #157

Closed campeon23 closed 1 year ago

campeon23 commented 1 year ago

Description: To streamline cryptographic operations and boost security, it's recommended to use AEAD (Authenticated Encryption with Associated Data) modes. Particularly, the GCM (Galois/Counter Mode) is preferred as it combines encryption and authentication, thus making separate HMACs redundant.

Recommendation: Migrate the encryption process to utilize GCM or other AEAD modes for efficient and secure encryption and authentication.

Example Fix: If using Go's crypto library:

import (
    "crypto/aes"
    "crypto/cipher"
    "crypto/rand"
    "errors"
    "io"
)

// EncryptWithGCM seals plaintext with AES-GCM under key (16, 24 or 32 bytes).
// The random nonce is prepended to the output so the decryptor can recover it;
// Seal appends the authentication tag, so no separate HMAC is needed.
func EncryptWithGCM(plaintext []byte, key []byte) ([]byte, error) {
    block, err := aes.NewCipher(key)
    if err != nil {
        return nil, err
    }

    gcm, err := cipher.NewGCM(block)
    if err != nil {
        return nil, err
    }

    // A fresh random nonce per message; never reuse a nonce under the same key.
    nonce := make([]byte, gcm.NonceSize())
    if _, err = io.ReadFull(rand.Reader, nonce); err != nil {
        return nil, err
    }

    return gcm.Seal(nonce, nonce, plaintext, nil), nil
}

Acceptance Criteria:

  • Implement the AEAD mode for encryption and authentication.
  • Remove or deprecate redundant HMAC functionalities.
  • Test the new encryption mechanism to ensure that it is both secure and functional.

Severity Level: High

campeon23 commented 1 year ago

As per the scope of the ticket:

We successfully integrated the AEAD using the GCM methodology, providing enhanced encryption and authentication. Following the adoption of GCM, separate HMAC functionalities were identified as redundant and have thus been deprecated. Comprehensive tests were executed on the new encryption mechanism, confirming its security integrity and flawless operation. We also undertook a refactoring process for better logic structuring: the timestamp generation for the manifest file tagging has been shifted from the run() function to localAppConfig.Execute(). Considering all the aforementioned updates and enhancements, I am marking this ticket as closed. If any further adjustments or reviews are needed, please reopen the ticket or create a new one for specific concerns.