[match] improve encryption internals, solving flaky test (#21663)

[lacostej]

Checklist

• I've run bundle exec rspec from the root directory to see all new and existing tests pass
• I've followed the fastlane code style and run bundle exec rubocop -a to ensure the code style is valid
• I see several green ci/circleci builds in the "All checks have passed" section of my PR (connect CircleCI to GitHub if not)
• I've read the Contribution Guidelines
• I've updated the documentation if necessary.
• I've added or updated relevant unit tests.

Motivation and Context

Resolves #21663

Description

See discussion in above issue.

Testing Steps

[lacostej]

Well apart from the new #21792 flaky test, the proposed implementation won't work with all openssl installations

     # ./match/spec/importer_spec.rb:122:in `block (3 levels) in <top (required)>'
     # ./.bundle/ruby/3.1.0/gems/webmock-3.18.1/lib/webmock/rspec.rb:37:in `block (2 levels) in <top (required)>'
     # ------------------
     # --- Caused by: ---
     # RuntimeError:
     #   unsupported cipher algorithm (AES-256-GCM)
     #   ./match/lib/match/encryption/encryption.rb:49:in `initialize'

[lacostej]

I considered increasing this very low iteration value, but changing the value requires changing the encryption format anyway, so let's just change the cipher etc.

[milch]

Just as a suggestion but nothing blocking, I think this could be refactored so that the IV gen happens in one class per algorithm, and then there's a single encrypt/decrypt function that takes in the IV gen class. I think overall it would just cut down on the duplication a little bit.

[lacostej]

You mean as passing the ivgen function as a "strategy" to the same code that is shared between V1 and V2?

I thought about it, but decided against for now because

• I preferred to keep V2 on its own, completely unrelated to common code with V1, to make it more readable.
• There used to be a few lines, and now there are already 3 classes. I felt it was maybe enough abstractions

[lacostej]

Another question I have: do we want to enforce keywords parameters instead?

I think it usually makes for better API management and backwards compatibility.

Should I update this file and use keywords args instead?

[rogerluan]

I'm all for keyword parameters whenever we can 🙏

[lacostej]

I added some but not in all classes. Makes sense or inconsistent?

[rogerluan]

Just some nitpick comments about docs and formatting, as I don't quite grasp the whole encryption details 😅 but the overall logic LGTM and I liked your approach of keeping this backwards compatible by trying both V1 and V2 👌

[rogerluan]

Shouldn't this be bin/match_file instead of match_file?

Also, this looks like a typo:

Suggested change

	match_file encrypt "<fileYouWantToEncryptPath>" ["<encryptedFilePath>]"
	match_file decrypt "<fileYouWantToDecryptPath>" ["<decryptedFilePath>]"
	match_file encrypt "<fileYouWantToEncryptPath>" "<encryptedFilePath>"
	match_file decrypt "<fileYouWantToDecryptPath>" "<decryptedFilePath>"

[lacostej]

I think that once you install the gem, everything under bin will be in your CLASSPATH. SO match_file should be enough.

The [] were because the second parameter is optional and match_file decrypts / encrypts in place when omitted.

[rogerluan]

ooh 😮 gotcha. I didn't know about any of those 2 info you said haha good to know 💪

[rogerluan]

I'm all for keyword parameters whenever we can 🙏

[rogerluan]

LGTM! 🚀 thanks for addressing the CTRL+C exit 😊

[arc-v2]

Hi @lacostej I'm experiencing some issue with decryption since 2.220.0 was released. Could you confirm the following query:
Does this mean that match repo encrypted with fastlane version 2.220.0 will not work (decrypt) with fastlane version 2.219.0 but vice-versa should keep working?

[andre-alves]

Just experienced the same issue. I saved provisioning profiles using fastlane 2.220.0, and fastlane 2.219.0 is no longer able to decrypt them.

[stodirascu]

I have the same issue as above. If locally somebody is encrypting a profile or a certificate using 2.220, and the CI is decrypting it with 2.219, it will fail. So it's on a file-by-file basis.

This must be mentioned as a breaking change in the release notes at least.