feat: don't stop with invalid key (#1612)

An issue with the old sync was that if there was _one_ record encrypted
with a different key, sync would stop. You'd need to delete your account
and start from scratch. This sucked.

This change means we will carry on, and try to encrypt and build with as
much of the history as we are able to decrypt.

This is possible because we can quite happily store data on disk that we
cannot decrypt. The old store couldn't do this.

In future, we might consider a keyring containing multiple keys.
Ellie Huxtable 2024-01-22 20:07:19 +00:00 committed by GitHub
parent 6af6c9066b
commit d84f5b2d33
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 11 additions and 1 deletions


@ -164,7 +164,16 @@ impl HistoryStore {
for record in records.into_iter() {
let hist = match record.version.as_str() {
HISTORY_VERSION => {
let decrypted = record.decrypt::<PASETO_V4>(&self.encryption_key)?;
let decrypted = record.decrypt::<PASETO_V4>(&self.encryption_key);
let decrypted = match decrypted {
Ok(d) => d,
Err(e) => {
println!("failed to decrypt history: {e}");
continue;
}
};
HistoryRecord::deserialize(&decrypted.data, HISTORY_VERSION)
}
version => bail!("unknown history version {version:?}"),
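Review bot: The failure report at `println!("failed to decrypt history: {e}");` goes to stdout and is emitted once per undecryptable record, so a store with many records under an old key spams whatever consumes the command's output, and nothing tells the user how many records were skipped in total. Since a key mismatch is now non-fatal by design, a skip counter with one summary line after the loop is the only signal that the key needs attention; writing it to stderr or the crate's logging facility (if one is in scope) keeps stdout clean, e.g. `eprintln!("failed to decrypt history: {e}");` and `skipped += 1;` in the Err arm. If the record carries an identifier it would be worth including in the message so the offending entry can be located, but that field is not visible in the hunk. The enclosing function starts and ends outside the hunk.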


@ -128,6 +128,7 @@ impl PASETO_V4 {
// For now though we will only support the one key and key rotation will
// have to be a hard reset
let current_kid = wrapping_key.to_id();
ensure!(
current_kid == kid,
"attempting to decrypt with incorrect key. currently using {current_kid}, expecting {kid}"