From bc053532ae536e35c6846a3ec7c067c7ffd94405 Mon Sep 17 00:00:00 2001 From: Whit Waldo Date: Tue, 14 Jan 2025 05:25:43 -0600 Subject: [PATCH 1/3] Bugfix: Removed use of MemoryMarshal as it wasn't decrypting in-memory byte arrays properly (doesn't impact stream encryption/decryption). Signed-off-by: Whit Waldo --- src/Dapr.Client/DaprClientGrpc.cs | 48 ++++++++++++++----------------- 1 file changed, 21 insertions(+), 27 deletions(-) diff --git a/src/Dapr.Client/DaprClientGrpc.cs b/src/Dapr.Client/DaprClientGrpc.cs index 40df4767..c5b8a82e 100644 --- a/src/Dapr.Client/DaprClientGrpc.cs +++ b/src/Dapr.Client/DaprClientGrpc.cs @@ -1670,24 +1670,20 @@ public override async Task> EncryptAsync(string vaultResour ReadOnlyMemory plaintextBytes, string keyName, EncryptionOptions encryptionOptions, CancellationToken cancellationToken = default) { - if (MemoryMarshal.TryGetArray(plaintextBytes, out var plaintextSegment) && plaintextSegment.Array != null) - { - var encryptionResult = await EncryptAsync(vaultResourceName, new MemoryStream(plaintextSegment.Array), - keyName, encryptionOptions, - cancellationToken); + var memoryStream = new MemoryStream(); + await memoryStream.WriteAsync(plaintextBytes, cancellationToken); + memoryStream.Position = 0; - var bufferedResult = new ArrayBufferWriter(); + var encryptionResult = + await EncryptAsync(vaultResourceName, memoryStream, keyName, encryptionOptions, cancellationToken); - await foreach (var item in encryptionResult.WithCancellation(cancellationToken)) - { - bufferedResult.Write(item.Span); - } - - return bufferedResult.WrittenMemory; + var bufferedResult = new ArrayBufferWriter(); + await foreach (var item in encryptionResult.WithCancellation(cancellationToken)) + { + bufferedResult.Write(item.Span); } - throw new ArgumentException("The input instance doesn't have a valid underlying data store.", - nameof(plaintextBytes)); + return bufferedResult.WrittenMemory; } /// 
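Review bot: No regression test accompanies this fix in EncryptAsync, and the same holds for the DecryptAsync hunk that follows. The removed branch passed `plaintextSegment.Array` to `new MemoryStream(...)` without the segment's `Offset` and `Count`, so a `ReadOnlyMemory<byte>` that is a slice of a larger array would presumably have been processed over the whole backing array, including bytes the caller never meant to hand to the encryption call. A unit test that feeds both overloads a sliced input, for example one built with `buffer.AsMemory(2, 4)`, and asserts that only those four bytes reach the stream overload would pin the behaviour. The method's signature starts above the hunk.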
@@ -1895,22 +1891,20 @@ public override async Task> DecryptAsync(string vaultResour ReadOnlyMemory ciphertextBytes, string keyName, DecryptionOptions decryptionOptions, CancellationToken cancellationToken = default) { - if (MemoryMarshal.TryGetArray(ciphertextBytes, out var ciphertextSegment) && ciphertextSegment.Array != null) - { - var decryptionResult = await DecryptAsync(vaultResourceName, new MemoryStream(ciphertextSegment.Array), - keyName, decryptionOptions, cancellationToken); + using var memoryStream = new MemoryStream(); + await memoryStream.WriteAsync(ciphertextBytes, cancellationToken); + memoryStream.Position = 0; - var bufferedResult = new ArrayBufferWriter(); - await foreach (var item in decryptionResult.WithCancellation(cancellationToken)) - { - bufferedResult.Write(item.Span); - } - - return bufferedResult.WrittenMemory; + var decryptionResult = + await DecryptAsync(vaultResourceName, memoryStream, keyName, decryptionOptions, cancellationToken); + + var bufferedResult = new ArrayBufferWriter(); + await foreach (var item in decryptionResult.WithCancellation(cancellationToken)) + { + bufferedResult.Write(item.Span); } - throw new ArgumentException("The input instance doesn't have a valid underlying data store", - nameof(ciphertextBytes)); + return bufferedResult.WrittenMemory; } /// From d65037ebda90cdba01bbc60cdec3782cf2ac56ad Mon Sep 17 00:00:00 2001 From: Whit Waldo Date: Tue, 14 Jan 2025 18:26:37 -0600 Subject: [PATCH 2/3] Added extension method similar to how the CommunityToolkit.HighPerformance project handles the creation of MemoryStreams without an allocation. Restored the use of MemoryMarshal, but throws an exception if the data cannot be accessed now, instead of hanging as it did in a previous iteration. Tested both paths (string and stream) from example project successfully. 
Signed-off-by: Whit Waldo --- src/Dapr.Client/DaprClientGrpc.cs | 8 ++--- .../Extensions/ReadOnlyMemoryExtensions.cs | 36 +++++++++++++++++++ 2 files changed, 38 insertions(+), 6 deletions(-) create mode 100644 src/Dapr.Client/Extensions/ReadOnlyMemoryExtensions.cs diff --git a/src/Dapr.Client/DaprClientGrpc.cs b/src/Dapr.Client/DaprClientGrpc.cs index c5b8a82e..a7b1df29 100644 --- a/src/Dapr.Client/DaprClientGrpc.cs +++ b/src/Dapr.Client/DaprClientGrpc.cs @@ -1670,9 +1670,7 @@ public override async Task> EncryptAsync(string vaultResour ReadOnlyMemory plaintextBytes, string keyName, EncryptionOptions encryptionOptions, CancellationToken cancellationToken = default) { - var memoryStream = new MemoryStream(); - await memoryStream.WriteAsync(plaintextBytes, cancellationToken); - memoryStream.Position = 0; + var memoryStream = plaintextBytes.CreateMemoryStream(true); var encryptionResult = await EncryptAsync(vaultResourceName, memoryStream, keyName, encryptionOptions, cancellationToken); @@ -1891,9 +1889,7 @@ public override async Task> DecryptAsync(string vaultResour ReadOnlyMemory ciphertextBytes, string keyName, DecryptionOptions decryptionOptions, CancellationToken cancellationToken = default) { - using var memoryStream = new MemoryStream(); - await memoryStream.WriteAsync(ciphertextBytes, cancellationToken); - memoryStream.Position = 0; + using var memoryStream = ciphertextBytes.CreateMemoryStream(true); var decryptionResult = await DecryptAsync(vaultResourceName, memoryStream, keyName, decryptionOptions, cancellationToken); diff --git a/src/Dapr.Client/Extensions/ReadOnlyMemoryExtensions.cs b/src/Dapr.Client/Extensions/ReadOnlyMemoryExtensions.cs new file mode 100644 index 00000000..928e2c3f --- /dev/null +++ b/src/Dapr.Client/Extensions/ReadOnlyMemoryExtensions.cs 
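Review bot: The bare `true` in `plaintextBytes.CreateMemoryStream(true)` and `ciphertextBytes.CreateMemoryStream(true)` does not say what it switches on; a named argument reads better at both call sites, `plaintextBytes.CreateMemoryStream(isReadOnly: true)`. Unlike the copy made in the previous patch, the stream returned by the helper wraps the caller's array directly, so the bytes sent are whatever that array holds while the call is in flight. A short comment would record this, e.g. `// Wraps the caller's buffer without copying; it must not be modified until this call completes.` Both method bodies continue outside the hunks.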
@@ -0,0 +1,36 @@ +// ------------------------------------------------------------------------ +// Copyright 2025 The Dapr Authors +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// http://www.apache.org/licenses/LICENSE-2.0 +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +// ------------------------------------------------------------------------ + +using System; +using System.IO; +using System.Runtime.InteropServices; + +namespace Dapr.Client; + +internal static class ReadOnlyMemoryExtensions +{ + public static MemoryStream CreateMemoryStream(this ReadOnlyMemory memory, bool isReadOnly) + { + if (memory.IsEmpty) + { + return new MemoryStream(Array.Empty(), !isReadOnly); + } + + if (MemoryMarshal.TryGetArray(memory, out ArraySegment segment)) + { + return new MemoryStream(segment.Array!, segment.Offset, segment.Count, !isReadOnly); + } + + throw new ArgumentException(nameof(memory), "Unable to create MemoryStream from provided memory value"); + } +} From 2e22ad9704e5728f261b951a46db6af1b5ca78de Mon Sep 17 00:00:00 2001 From: Whit Waldo Date: Wed, 15 Jan 2025 11:03:21 -0600 Subject: [PATCH 3/3] Added missing using Signed-off-by: Whit Waldo --- src/Dapr.Client/DaprClientGrpc.cs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/Dapr.Client/DaprClientGrpc.cs b/src/Dapr.Client/DaprClientGrpc.cs index a7b1df29..394b313e 100644 --- a/src/Dapr.Client/DaprClientGrpc.cs +++ b/src/Dapr.Client/DaprClientGrpc.cs 
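Review bot: The arguments to `ArgumentException` in the final `throw` are in the wrong order: the two-string constructor takes the message first and the parameter name second, so as written `ParamName` receives the sentence and the message is just `memory`. It should read `throw new ArgumentException("Unable to create MemoryStream from provided memory value", nameof(memory));`. Separately, memory that is not array-backed (for instance from a custom `MemoryManager<byte>`) now fails here, whereas the previous patch's copy accepted any input; falling back to `new MemoryStream(memory.ToArray(), !isReadOnly)` instead of throwing would keep that. The method also has no XML doc comment saying that the returned stream shares the caller's array and honours the slice's offset and length.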
@@ -1670,7 +1670,7 @@ public override async Task> EncryptAsync(string vaultResour ReadOnlyMemory plaintextBytes, string keyName, EncryptionOptions encryptionOptions, CancellationToken cancellationToken = default) { - var memoryStream = plaintextBytes.CreateMemoryStream(true); + using var memoryStream = plaintextBytes.CreateMemoryStream(true); var encryptionResult = await EncryptAsync(vaultResourceName, memoryStream, keyName, encryptionOptions, cancellationToken);