Skip to content

Remove File hash tracking in shared link so that it does not break on… #1547

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: staging
Choose a base branch
from
Open

Remove File hash tracking in shared link so that it does not break on… #1547

wants to merge 1 commit into from

Conversation

wagiejack
Copy link

Encryption and AuthTicket Refactoring: LookupHash Implementation and ActualFileHash Removal

TL;DR

File updates break the link which is used for sharing them because we are hashing actual file as part of it, this update removes it and fixes tests and improves encryption

The Issue

The current file sharing system has two critical limitations that impact security and user experience:

  1. Weak Encryption: All files use the same fixed encryption tag "filetype:audio", making the encryption vulnerable to pattern analysis and reducing security strength.

  2. Fragile AuthTickets: The AuthTicket struct contains an ActualFileHash field that becomes invalid when file content changes, requiring users to regenerate share links every time a file is updated, even for minor changes.

  3. Runtime Encryption Failures: The PREChunkEncoder was missing the LookupHash field during instantiation, causing "invalid encryption header" errors during file downloads.

These issues create a poor user experience where:

  • File updates break existing shares
  • Encryption is not file-specific
  • Users must manually regenerate share links for every file change
  • Security is compromised by using a fixed encryption tag
  • File downloads fail with encryption errors

Root Cause

The root causes stem from architectural decisions in the encryption and sharing systems:

  1. Fixed Encryption Tag: The encryption scheme was initialized with a hardcoded literal "filetype:audio" instead of using a deterministic, file-specific identifier.

  2. Unnecessary AuthTicket Field: The ActualFileHash field was included in AuthTicket structs but was never used for validation logic - only for signature generation. This field becomes stale when file content changes.

  3. Missing PREChunkEncoder Field: The PREChunkEncoder struct was missing the LookupHash field during instantiation, causing runtime encryption failures.

  4. Inconsistent Encryption Context: The system lacked a deterministic way to generate file-specific encryption keys that remain stable across file content changes.

The technical root cause analysis reveals:

Fix Proposed and Implemented

Phase 1: Remove ActualFileHash from AuthTicket Structures

Changes Made:

  1. Blobber AuthTicket Update: blobber/code/go/0chain.net/blobbercore/readmarker/authticket.go
    • Removed ActualFileHash string field from AuthTicket struct
    • Updated GetHashData() method to exclude ActualFileHash from verification
    • Ensures consistent validation logic

Phase 2: Implement LookupHash-Based Encryption

Changes Made:

  1. Blobber Encryption Updates:

Phase 3: Update Test Suites

Test Files Updated:

  1. Blobber Tests:

Technical Implementation Details

Critical Runtime Fix: The PREChunkEncoder now properly initializes with the file-specific LookupHash, resolving the "invalid encryption header" error that was occurring during file downloads.

Re-encryption Enhancement: All re-encryption now uses deterministic file-specific keys that remain stable across file content changes.

Backward Compatibility: Existing encrypted files continue to work as the system gracefully handles both old and new encryption methods.

Repositories Affected

Blobber Repository

Files Modified:

Impact: Server-side re-encryption and AuthTicket validation updated with critical runtime bug fix.

Deployment Order

Deployment Order: Second (server-side changes, after Gosdk)

Testing Status

  • Blobber: [❌ In-Progress]

Critical Verification

  • Ensure PREChunkEncoder.LookupHash field is properly set
  • Verify no "invalid encryption header" errors in logs
  • Test file download with both old and new encryption methods

Backward Compatibility

This implementation maintains full backward compatibility:

  • Existing encrypted files continue to work
  • Old AuthTickets remain valid
  • No breaking changes to public APIs
  • Graceful handling of mixed encryption methods

Key Achievement: Fixed critical runtime bug in PREChunkEncoder initialization that would have broken file downloads for encrypted files.

The changes provide enhanced security and improved user experience while ensuring system stability and backward compatibility.

@wagiejack wagiejack self-assigned this Aug 15, 2025
@wagiejack wagiejack requested a review from guruhubb as a code owner August 15, 2025 13:55
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@guruhubb guruhubb Awaiting requested review from guruhubb guruhubb is a code owner

@Abhijeetmishr Abhijeetmishr Awaiting requested review from Abhijeetmishr

@Hitenjain14 Hitenjain14 Awaiting requested review from Hitenjain14

At least 1 approving review is required to merge this pull request.

Assignees

@wagiejack wagiejack

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@wagiejack