zitadel/internal/domain
Tim Möhlmann 3759ed9f08 fix(crypto): reject decrypted strings with non-UTF8 characters. (#8374)
# Which Problems Are Solved

We noticed logging where 500: Internal Server errors were returned from
the token endpoint, mostly for the `refresh_token` grant. The error was
thrown by the database as it received non-UTF8 strings for token IDs

Zitadel uses symmetric encryption for opaque tokens, including refresh
tokens. Encrypted values are base64 encoded. It appeared to be possible
to send garbage base64 to the token endpoint, which will pass decryption
and string-splitting. In those cases the resulting ID is not a valid
UTF-8 string.

Invalid non-UTF8 strings are now rejected during token decryption.

# How the Problems Are Solved

- `AESCrypto.DecryptString()` checks if the decrypted bytes only contain
valid UTF-8 characters before converting them into a string.
- `AESCrypto.Decrypt()` is unmodified and still allows decryption on
non-UTF8 byte strings.
- `FromRefreshToken` now uses `DecryptString` instead of `Decrypt`

# Additional Changes

- Unit tests added for `FromRefreshToken` and
`AESCrypto.DecryptString()`.
- Fuzz tests added for `FromRefreshToken` and
`AESCrypto.DecryptString()`. This was to pinpoint the problem
- Testdata with values that resulted in invalid strings are committed.
In the pipeline this results in the Fuzz tests to execute as regular
unit-test cases. As we don't use the `-fuzz` flag in the pipeline no
further fuzzing is performed.

# Additional Context

- Closes #7765
- https://go.dev/doc/tutorial/fuzz
2024-08-06 13:58:53 +02:00
..
schema feat: implement user schema management (#7416) 2024-03-12 13:50:13 +00:00
testdata/fuzz/FuzzFromRefreshToken fix(crypto): reject decrypted strings with non-UTF8 characters. (#8374) 2024-08-06 13:58:53 +02:00
action.go chore(v2): move to new org (#3499) 2022-04-26 23:01:45 +00:00
application_api.go feat(crypto): use passwap for machine and app secrets (#7657) 2024-04-05 09:35:49 +00:00
application_key.go refactor: rename package errors to zerrors (#7039) 2023-12-08 15:30:55 +01:00
application_oauth.go feat(6222): remove @ and project from OIDC client ID (#8178) 2024-07-04 08:31:40 +00:00
application_oidc_test.go fix: remove hard requirement of grant type auth code for device code apps + warnings for missing urls (#7429) 2024-02-29 15:28:06 +00:00
application_oidc.go fix(oidc): store requested response_mode (#8145) 2024-06-17 09:50:12 +00:00
application_saml.go feat(saml): implementation of saml for ZITADEL v2 (#3618) 2022-09-12 18:18:08 +02:00
application.go feat: protos refactoring 2021-03-09 10:30:11 +01:00
asset.go fix: return absolute asset urls (#3676) 2022-05-20 10:30:12 +02:00
auth_request_test.go feat(oidc): id token for device authorization (#7088) 2023-12-20 13:21:08 +01:00
auth_request.go feat: password age policy (#8132) 2024-06-18 11:27:44 +00:00
authn_key.go refactor: rename package errors to zerrors (#7039) 2023-12-08 15:30:55 +01:00
browser_info.go fix: correctly set user agent / fingerprint id on user sessions (#8231) 2024-07-03 09:43:34 +02:00
bucket.go feat: asset storage (#1696) 2021-05-03 10:15:50 +02:00
custom_login_text.go feat: password age policy (#8132) 2024-06-18 11:27:44 +00:00
custom_message_text.go refactor: rename package errors to zerrors (#7039) 2023-12-08 15:30:55 +01:00
custom_text.go chore(v2): move to new org (#3499) 2022-04-26 23:01:45 +00:00
device_auth_test.go feat(oidc): id token for device authorization (#7088) 2023-12-20 13:21:08 +01:00
device_auth.go perf(oidc): optimize token creation (#7822) 2024-05-16 07:07:56 +02:00
deviceauthstate_string.go perf(oidc): optimize token creation (#7822) 2024-05-16 07:07:56 +02:00
execution.go feat: add action v2 execution on requests and responses (#7637) 2024-05-04 11:55:57 +02:00
expiration.go refactor: rename package errors to zerrors (#7039) 2023-12-08 15:30:55 +01:00
factors.go feat: enable otp email and sms (#6260) 2023-07-28 07:39:30 +02:00
feature.go fix: add action v2 execution to features (#7597) 2024-04-09 20:21:21 +03:00
flow.go feat: add executions for actions v2 (#7433) 2024-02-26 12:49:43 +02:00
human_address.go chore(v2): move to new org (#3499) 2022-04-26 23:01:45 +00:00
human_email_test.go refactor: rename package errors to zerrors (#7039) 2023-12-08 15:30:55 +01:00
human_email.go refactor: rename package errors to zerrors (#7039) 2023-12-08 15:30:55 +01:00
human_otp.go fix: import totp in add human user with secret (#7936) 2024-05-14 09:20:31 +02:00
human_password.go feat(crypto): use passwap for machine and app secrets (#7657) 2024-04-05 09:35:49 +00:00
human_phone_test.go refactor: rename package errors to zerrors (#7039) 2023-12-08 15:30:55 +01:00
human_phone.go refactor: rename package errors to zerrors (#7039) 2023-12-08 15:30:55 +01:00
human_profile.go refactor: rename package errors to zerrors (#7039) 2023-12-08 15:30:55 +01:00
human_test.go fix: set displayname correctly in EnsureDisplayName (#5702) 2023-04-17 06:26:40 +00:00
human_web_auth_n.go fix: provide domain in session, passkey and u2f (#6097) 2023-06-27 14:36:07 +02:00
human.go fix(import): add tracing spans to all import related functions (#8160) 2024-06-19 12:56:33 +02:00
idp_config.go feat(login): use new IDP templates (#5315) 2023-02-28 21:20:58 +01:00
idp.go feat(saml): allow setting nameid-format and alternative mapping for transient format (#7979) 2024-05-23 05:04:07 +00:00
instance_domain.go feat: add random string to generated domain (#3634) 2022-05-16 11:26:24 +02:00
instance.go fix: instance remove (#4602) 2022-10-26 13:06:48 +00:00
key_pair.go feat(saml): implementation of saml for ZITADEL v2 (#3618) 2022-09-12 18:18:08 +02:00
language.go refactor: rename package errors to zerrors (#7039) 2023-12-08 15:30:55 +01:00
machine_key.go fix: add expiration date information to service users keys (#7497) 2024-03-13 18:21:19 +00:00
machine.go chore(v2): move to new org (#3499) 2022-04-26 23:01:45 +00:00
member.go chore(v2): move to new org (#3499) 2022-04-26 23:01:45 +00:00
metadata.go refactor: rename package errors to zerrors (#7039) 2023-12-08 15:30:55 +01:00
mfa.go refactor: cleanup unused code (#7130) 2024-01-02 14:26:31 +00:00
next_step.go fix: allow login with user created through v2 api without password (#8291) 2024-07-17 06:43:07 +02:00
notification.go refactor: cleanup unused code (#7130) 2024-01-02 14:26:31 +00:00
object.go feat(api): feature flags (#7356) 2024-02-28 10:55:54 +02:00
oidc_code_challenge.go fix: move v2 pkgs (#1331) 2021-02-23 15:13:04 +01:00
oidc_error_reason_test.go perf(oidc): optimize token creation (#7822) 2024-05-16 07:07:56 +02:00
oidc_error_reason.go perf(oidc): optimize token creation (#7822) 2024-05-16 07:07:56 +02:00
oidc_mapping_field.go fix: move v2 pkgs (#1331) 2021-02-23 15:13:04 +01:00
oidc_session.go feat(api): add OIDC session service (#6157) 2023-07-10 13:27:00 +00:00
oidc_settings.go chore(v2): move to new org (#3499) 2022-04-26 23:01:45 +00:00
oidcresponsemode_enumer.go fix(oidc): store requested response_mode (#8145) 2024-06-17 09:50:12 +00:00
org_domain_test.go fix: allow unicode characters in org domains (#6675) 2023-10-11 09:55:01 +02:00
org_domain.go refactor: rename package errors to zerrors (#7039) 2023-12-08 15:30:55 +01:00
org.go feat(eventstore): add search table (#8191) 2024-07-03 15:00:56 +00:00
permission.go fix: allow other users to set up MFAs (#7914) 2024-05-07 05:38:26 +00:00
policy_domain.go feat: restrict smtp sender address (#3637) 2022-05-16 14:08:47 +00:00
policy_label_test.go refactor: rename package errors to zerrors (#7039) 2023-12-08 15:30:55 +01:00
policy_label.go refactor: cleanup unused code (#7130) 2024-01-02 14:26:31 +00:00
policy_login_test.go feat: add default redirect uri and handling of unknown usernames (#3616) 2022-05-16 13:39:09 +00:00
policy_login.go fix(login): correct rendering of idps (#7151) 2024-01-05 14:35:51 +00:00
policy_mail_template.go chore(v2): move to new org (#3499) 2022-04-26 23:01:45 +00:00
policy_password_age.go chore(v2): move to new org (#3499) 2022-04-26 23:01:45 +00:00
policy_password_complexity.go refactor: rename package errors to zerrors (#7039) 2023-12-08 15:30:55 +01:00
policy_password_lockout.go feat: provide option to limit (T)OTP checks (#7693) 2024-04-10 09:14:55 +00:00
policy_privacy.go feat(cnsl): docs link can be customized and custom button is available (#7840) 2024-05-13 16:01:50 +02:00
policy.go refactor: cleanup unused code (#7130) 2024-01-02 14:26:31 +00:00
project_grant_member.go refactor: cleanup unused code (#7130) 2024-01-02 14:26:31 +00:00
project_grant.go perf(command): user grant pre-condition check using the search table (#8230) 2024-07-04 16:18:43 +00:00
project_role.go chore(v2): move to new org (#3499) 2022-04-26 23:01:45 +00:00
project.go chore(v2): move to new org (#3499) 2022-04-26 23:01:45 +00:00
provider.go refactor: cleanup unused code (#7130) 2024-01-02 14:26:31 +00:00
refresh_token_test.go fix(crypto): reject decrypted strings with non-UTF8 characters. (#8374) 2024-08-06 13:58:53 +02:00
refresh_token.go fix(crypto): reject decrypted strings with non-UTF8 characters. (#8374) 2024-08-06 13:58:53 +02:00
request.go fix(oidc): store requested response_mode (#8145) 2024-06-17 09:50:12 +00:00
roles.go chore(v2): move to new org (#3499) 2022-04-26 23:01:45 +00:00
search_method.go fix: todos (#1346) 2021-03-01 08:48:50 +01:00
secret_generator.go feat: add secret generators for OTP (#6262) 2023-07-26 11:00:41 +00:00
session.go feat(api): add otp (sms and email) checks in session api (#6422) 2023-08-24 09:41:52 +00:00
sms.go feat: Default configs sms provider (#3187) 2022-02-21 12:22:20 +00:00
smtp.go feat: SMTP Templates (#6932) 2024-04-11 09:16:10 +02:00
target.go feat: add action v2 execution on requests and responses (#7637) 2024-05-04 11:55:57 +02:00
token_test.go feat(oidc): organization roles scope (#8120) 2024-06-14 10:00:43 +02:00
token.go feat(oidc): organization roles scope (#8120) 2024-06-14 10:00:43 +02:00
tokenreason_enumer.go feat(oidc): token exchange impersonation (#7516) 2024-03-20 10:18:46 +00:00
url_template_test.go refactor: rename package errors to zerrors (#7039) 2023-12-08 15:30:55 +01:00
url_template.go refactor: rename package errors to zerrors (#7039) 2023-12-08 15:30:55 +01:00
user_agent_test.go perf(oidc): optimize token creation (#7822) 2024-05-16 07:07:56 +02:00
user_agent.go perf(oidc): optimize token creation (#7822) 2024-05-16 07:07:56 +02:00
user_grant.go chore(v2): move to new org (#3499) 2022-04-26 23:01:45 +00:00
user_idp_link.go chore(v2): move to new org (#3499) 2022-04-26 23:01:45 +00:00
user_schema.go feat: implement user schema management (#7416) 2024-03-12 13:50:13 +00:00
user_v2_passkey_test.go refactor: rename package errors to zerrors (#7039) 2023-12-08 15:30:55 +01:00
user_v2_passkey.go feat(v2): register user u2f (#6020) 2023-06-15 05:32:40 +00:00
user.go fix(oidc): IDP and passwordless user auth methods (#7998) 2024-05-28 08:59:49 +00:00