fix(secrets): chunk EncryptLargeString by bytes not runes to fix UTF-8 overflow #321

Open
simple-container-forge[bot] wants to merge 7 commits into main from forge/workflow/99171cbe-7c27-4976-a999-931b834b5d62/run/08762da2-22ac-4162-abc6-60b46e7a89c5

simple-container-forge Bot commented Jun 12, 2026

Closes #318

Summary

  • Root cause: EncryptLargeString used lo.ChunkString (rune-based) to split the input before calling rsa.EncryptOAEP. For multi-byte UTF-8 characters a 128-rune chunk can encode to up to 384 bytes, exceeding the OAEP-SHA256 limit of 190 bytes for a 2048-bit key, causing crypto/rsa: message too long for RSA key size.
  • Fix: Replace the rune-based loop with a byte-slice loop using maxPlain = rsaKey.Size() - 2*sha256.Size - 2 (the exact RFC 8017 §7.1.1 formula: 190 bytes for a 2048-bit key).
  • Also: Added a TODO comment on EncryptWithPublicRSAKey documenting the latent SHA-512 vs SHA-256 hash inconsistency with EncryptLargeString.

Changes

  • pkg/api/secrets/ciphers/encryption.go — replace lo.ChunkString block in EncryptLargeString RSA branch with byte-slice loop; add TODO to EncryptWithPublicRSAKey
  • pkg/api/secrets/ciphers/encryption_test.go — add TestEncryptLargeStringUTF8 with 6 sub-tests covering: box-drawing flood (120 × U+2500 = 360 B), mixed multi-byte, 190/191-byte ASCII boundaries, empty string, 4096-bit key round-trip

Backward Compatibility

DecryptLargeString is chunk-size agnostic — it decrypts whatever list it receives. Existing secrets encrypted with the old rune-based chunking still decrypt correctly.

Test Plan

  • go test ./pkg/api/secrets/ciphers/... — all tests pass (including 6 new UTF-8 regression tests)
  • All existing tests unchanged and green

Forge workflow run

https://app.simple-forge.com/agent-workflow-runs/08762da2-22ac-4162-abc6-60b46e7a89c5
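
The byte-based chunking described in this pull request, as an added Go example that is not the project's code: it shows a single 120-rune (360-byte) chunk being rejected by RSA-OAEP-SHA256 while byte-sized chunks encrypt and round-trip. The names `encryptChunked`, `decryptChunked` and `key` are hypothetical, and the input is constructed.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
	"strings"
)

var key, _ = rsa.GenerateKey(rand.Reader, 2048) // throwaway demo key, generated at start-up

// encryptChunked (hypothetical name) slices the UTF-8 bytes of s, not its runes.
func encryptChunked(pub *rsa.PublicKey, s string) ([][]byte, error) {
	data, limit := []byte(s), pub.Size()-2*sha256.Size-2 // RFC 8017 §7.1.1: 190 for RSA-2048
	var out [][]byte
	for len(data) > 0 {
		n := len(data)
		if n > limit {
			n = limit
		}
		ct, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, data[:n], nil)
		if err != nil {
			return nil, err
		}
		out, data = append(out, ct), data[n:]
	}
	return out, nil
}

// decryptChunked joins the raw bytes first, because a chunk may end mid-character.
func decryptChunked(priv *rsa.PrivateKey, chunks [][]byte) (string, error) {
	var plain []byte
	for _, ct := range chunks {
		pt, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, ct, nil)
		if err != nil {
			return "", err
		}
		plain = append(plain, pt...)
	}
	return string(plain), nil
}

func main() {
	secret := strings.Repeat("\u2500", 120) // constructed input: 120 runes, 360 bytes
	_, direct := rsa.EncryptOAEP(sha256.New(), rand.Reader, &key.PublicKey, []byte(secret), nil)
	chunks, _ := encryptChunked(&key.PublicKey, secret)
	got, _ := decryptChunked(key, chunks)
	fmt.Println("one chunk:", direct, "| byte chunks:", len(chunks), "| round trip:", got == secret)
}
```

The 190-byte boundary falls inside the 64th box-drawing character here, so the round trip only succeeds because the decrypted bytes are concatenated before being read as a string.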

Forge Workflow Engine and others added 4 commits June 12, 2026 18:16
…c-4162-abc6-60b46e7a89c5 init

idempotency: 99171cbe-7c27-4976-a999-931b834b5d62:08762da2-22ac-4162-abc6-60b46e7a89c5:init
idempotency: pm:run

Co-authored-by: Max Warner (pm) <forge-agent+pm@simple-forge.com>
idempotency: architect:run

Co-authored-by: Dan Johnson (architect) <forge-agent+architect@simple-forge.com>
…8 overflow

lo.ChunkString counts runes; for multi-byte UTF-8 a 128-rune chunk can be up
to 384 bytes, exceeding the RSA-OAEP-SHA256 limit of 190 bytes for a 2048-bit
key and causing "crypto/rsa: message too long for RSA key size".

Replace the rune-based lo.ChunkString loop with a byte-slice loop using
maxPlain = rsaKey.Size() - 2*sha256.Size - 2 (the exact RFC 8017 §7.1.1
formula). DecryptLargeString is chunk-size agnostic and needs no change;
existing ciphertexts decrypt correctly.

Also add a TODO comment to EncryptWithPublicRSAKey documenting the latent
SHA-512 vs SHA-256 hash inconsistency with EncryptLargeString.

Adds regression tests covering: box-drawing flood (120 × U+2500 = 360 B),
mixed multi-byte, 190/191-byte ASCII boundaries, empty string, 4096-bit key.
idempotency: developer:run

Co-authored-by: David Black (developer) <forge-agent+developer@simple-forge.com>
github-actions Bot commented Jun 12, 2026

Semgrep Scan Results

Repository: api | Commit: 9befec1

| Check | Status | Details |
|---|---|---|
| ✅ Semgrep | Pass | 0 total findings (no error/warning) |

Scanned at 2026-06-12 18:35 UTC

github-actions Bot commented Jun 12, 2026

Security Scan Results

Repository: api | Commit: 9befec1

| Check | Status | Details |
|---|---|---|
| ✅ Secret Scan | Pass | No secrets detected |
| ✅ Dependencies (Trivy) | Pass | 0 total (no critical/high) |
| ✅ Dependencies (Grype) | Pass | 2 total (no critical/high) |
| 📦 SBOM | Generated | 527 components (CycloneDX) |

Scanned at 2026-06-12 18:36 UTC

Maria Currie (qa) and others added 2 commits June 12, 2026 18:33
idempotency: qa:run

Co-authored-by: Maria Currie (qa) <forge-agent+qa@simple-forge.com>
idempotency: devops:run

Co-authored-by: William Smith (devops) <forge-agent+devops@simple-forge.com>
Development

Successfully merging this pull request may close these issues.

Bug: sc secrets add/hide fails on UTF-8 secret files — "crypto/rsa: message too long for RSA key size"