Bugfix: Crypto ReadOnlyMemory<byte> decryption times out (#1443)

WhitWaldo · web-flow · commit 676c0d7a7f56 · 2025-01-15T11:11:26.000-06:00
* Bugfix: Removed use of MemoryMarshal as it wasn't decrypting in-memory byte arrays properly (doesn't impact stream encryption/decryption).

Signed-off-by: Whit Waldo &lt;whit.waldo@innovian.net&gt;

* Added extension method similar to how the CommunityToolkit.HighPerformance project handles the creation of MemoryStreams without an allocation. Restored the use of MemoryMarshal, but throws an exception if the data cannot be accessed now, instead of hanging as it did in a previous iteration.

Tested both paths (string and stream) from example project successfully.

Signed-off-by: Whit Waldo &lt;whit.waldo@innovian.net&gt;

* Added missing using

Signed-off-by: Whit Waldo &lt;whit.waldo@innovian.net&gt;

---------

Signed-off-by: Whit Waldo &lt;whit.waldo@innovian.net&gt;
diff --git a/src/Dapr.Client/DaprClientGrpc.cs b/src/Dapr.Client/DaprClientGrpc.cs
@@ -1670,24 +1670,18 @@ public override async Task<ReadOnlyMemory<byte>> EncryptAsync(string vaultResour
         ReadOnlyMemory<byte> plaintextBytes, string keyName, EncryptionOptions encryptionOptions,
         CancellationToken cancellationToken = default)
     {
-        if (MemoryMarshal.TryGetArray(plaintextBytes, out var plaintextSegment) && plaintextSegment.Array != null)
-        {
-            var encryptionResult = await EncryptAsync(vaultResourceName, new MemoryStream(plaintextSegment.Array),
-                keyName, encryptionOptions,
-                cancellationToken);
+        using var memoryStream = plaintextBytes.CreateMemoryStream(true);
 
-            var bufferedResult = new ArrayBufferWriter<byte>();
+        var encryptionResult =
+            await EncryptAsync(vaultResourceName, memoryStream, keyName, encryptionOptions, cancellationToken);
 
-            await foreach (var item in encryptionResult.WithCancellation(cancellationToken))
-            {
-                bufferedResult.Write(item.Span);
-            }
-
-            return bufferedResult.WrittenMemory;
+        var bufferedResult = new ArrayBufferWriter<byte>();
+        await foreach (var item in encryptionResult.WithCancellation(cancellationToken))
+        {
+            bufferedResult.Write(item.Span);
         }
 
-        throw new ArgumentException("The input instance doesn't have a valid underlying data store.",
-            nameof(plaintextBytes));
+        return bufferedResult.WrittenMemory;
     }
 
     /// <inheritdoc />
@@ -1895,22 +1889,18 @@ public override async Task<ReadOnlyMemory<byte>> DecryptAsync(string vaultResour
         ReadOnlyMemory<byte> ciphertextBytes, string keyName, DecryptionOptions decryptionOptions,
         CancellationToken cancellationToken = default)
     {
-        if (MemoryMarshal.TryGetArray(ciphertextBytes, out var ciphertextSegment) && ciphertextSegment.Array != null)
-        {
-            var decryptionResult = await DecryptAsync(vaultResourceName, new MemoryStream(ciphertextSegment.Array),
-                keyName, decryptionOptions, cancellationToken);
+        using var memoryStream = ciphertextBytes.CreateMemoryStream(true);
 
-            var bufferedResult = new ArrayBufferWriter<byte>();
-            await foreach (var item in decryptionResult.WithCancellation(cancellationToken))
-            {
-                bufferedResult.Write(item.Span);
-            }
-
-            return bufferedResult.WrittenMemory;
+        var decryptionResult =
+            await DecryptAsync(vaultResourceName, memoryStream, keyName, decryptionOptions, cancellationToken);
+        
+        var bufferedResult = new ArrayBufferWriter<byte>();
+        await foreach (var item in decryptionResult.WithCancellation(cancellationToken))
+        {
+            bufferedResult.Write(item.Span);
         }
 
-        throw new ArgumentException("The input instance doesn't have a valid underlying data store",
-            nameof(ciphertextBytes));
+        return bufferedResult.WrittenMemory;
     }
 
     /// <inheritdoc />
diff --git a/src/Dapr.Client/Extensions/ReadOnlyMemoryExtensions.cs b/src/Dapr.Client/Extensions/ReadOnlyMemoryExtensions.cs
@@ -0,0 +1,36 @@
+﻿// ------------------------------------------------------------------------
+// Copyright 2025 The Dapr Authors
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//     http://www.apache.org/licenses/LICENSE-2.0
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+// ------------------------------------------------------------------------
+
+using System;
+using System.IO;
+using System.Runtime.InteropServices;
+
+namespace Dapr.Client;
+
+internal static class ReadOnlyMemoryExtensions
+{
+    public static MemoryStream CreateMemoryStream(this ReadOnlyMemory<byte> memory, bool isReadOnly)
+    {
+        if (memory.IsEmpty)
+        {
+            return new MemoryStream(Array.Empty<byte>(), !isReadOnly);
+        }
+
+        if (MemoryMarshal.TryGetArray(memory, out ArraySegment<byte> segment))
+        {
+            return new MemoryStream(segment.Array!, segment.Offset, segment.Count, !isReadOnly);
+        }
+
+        throw new ArgumentException(nameof(memory), "Unable to create MemoryStream from provided memory value");
+    }
+}
