From d5ae96f54d6b0fc2c5cf4357e316f8c1f1939e35 Mon Sep 17 00:00:00 2001 From: Derek Collison Date: Sat, 3 Jun 2023 11:09:42 -0700 Subject: [PATCH 1/2] When a server was killed on restart before an encrypted stream was recovered the keyfile was removed and could cause the stream to not be recoverable. We only needed to delete the key file when converting ciphers and right before we add the stream itself. Signed-off-by: Derek Collison --- server/jetstream.go | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/server/jetstream.go b/server/jetstream.go index 0c0381ce..3ca32c3a 100644 --- a/server/jetstream.go +++ b/server/jetstream.go @@ -1234,9 +1234,6 @@ func (a *Account) EnableJetStream(limits map[string]JetStreamAccountLimits) erro } buf = nbuf plaintext = false - - // Remove the key file to have system regenerate with the new cipher. - os.Remove(keyFile) } var cfg FileStreamInfo @@ -1288,6 +1285,8 @@ func (a *Account) EnableJetStream(limits map[string]JetStreamAccountLimits) erro s.Noticef(" Encrypting stream '%s > %s'", a.Name, cfg.StreamConfig.Name) } else if convertingCiphers { s.Noticef(" Converting from %s to %s for stream '%s > %s'", osc, sc, a.Name, cfg.StreamConfig.Name) + // Remove the key file to have system regenerate with the new cipher. + os.Remove(keyFile) } } From 4c1b93d0232096c709861f5a1018cbf3744547d3 Mon Sep 17 00:00:00 2001 From: Derek Collison Date: Sat, 3 Jun 2023 11:15:06 -0700 Subject: [PATCH 2/2] Make sure to put the keyfile back if we did not recover the stream. Signed-off-by: Derek Collison --- server/jetstream.go | 20 ++++++++++++++------ 1 file changed, 14 insertions(+), 6 deletions(-) diff --git a/server/jetstream.go b/server/jetstream.go index 3ca32c3a..8841f4ed 100644 --- a/server/jetstream.go +++ b/server/jetstream.go @@ -1209,22 +1209,23 @@ func (a *Account) EnableJetStream(limits map[string]JetStreamAccountLimits) erro // Check if we are encrypted. keyFile := filepath.Join(mdir, JetStreamMetaFileKey) - if key, err := os.ReadFile(keyFile); err == nil { + keyBuf, err := os.ReadFile(keyFile) + if err == nil { s.Debugf(" Stream metafile is encrypted, reading encrypted keyfile") - if len(key) < minMetaKeySize { - s.Warnf(" Bad stream encryption key length of %d", len(key)) + if len(keyBuf) < minMetaKeySize { + s.Warnf(" Bad stream encryption key length of %d", len(keyBuf)) continue } // Decode the buffer before proceeding. - nbuf, err := s.decryptMeta(sc, key, buf, a.Name, fi.Name()) + nbuf, err := s.decryptMeta(sc, keyBuf, buf, a.Name, fi.Name()) if err != nil { // See if we are changing ciphers. switch sc { case ChaCha: - nbuf, err = s.decryptMeta(AES, key, buf, a.Name, fi.Name()) + nbuf, err = s.decryptMeta(AES, keyBuf, buf, a.Name, fi.Name()) osc, convertingCiphers = AES, true case AES: - nbuf, err = s.decryptMeta(ChaCha, key, buf, a.Name, fi.Name()) + nbuf, err = s.decryptMeta(ChaCha, keyBuf, buf, a.Name, fi.Name()) osc, convertingCiphers = ChaCha, true } if err != nil { @@ -1294,6 +1295,13 @@ func (a *Account) EnableJetStream(limits map[string]JetStreamAccountLimits) erro mset, err := a.addStream(&cfg.StreamConfig) if err != nil { s.Warnf(" Error recreating stream %q: %v", cfg.Name, err) + // If we removed a keyfile from above make sure to put it back. + if convertingCiphers { + err := os.WriteFile(keyFile, keyBuf, defaultFilePerms) + if err != nil { + s.Warnf(" Error replacing meta keyfile for stream %q: %v", cfg.Name, err) + } + } continue } if !cfg.Created.IsZero() {