Compute AAD to encrypty/decrypt SO only if needed (elastic#75818)

nchaulet · Aug 26, 2020 · 5c63a5a · 5c63a5a
1 parent 36d24b9
commit 5c63a5a
Showing 1 changed file with 8 additions and 4 deletions.
diff --git a/x-pack/plugins/encrypted_saved_objects/server/crypto/encrypted_saved_objects_service.ts b/x-pack/plugins/encrypted_saved_objects/server/crypto/encrypted_saved_objects_service.ts
@@ -198,12 +198,15 @@ export class EncryptedSavedObjectsService {
     if (typeDefinition === undefined) {
       return attributes;
     }
+    let encryptionAAD: string | undefined;
 
-    const encryptionAAD = this.getAAD(typeDefinition, descriptor, attributes);
     const encryptedAttributes: Record<string, string> = {};
     for (const attributeName of typeDefinition.attributesToEncrypt) {
       const attributeValue = attributes[attributeName];
       if (attributeValue != null) {
+        if (!encryptionAAD) {
+          encryptionAAD = this.getAAD(typeDefinition, descriptor, attributes);
+        }
         try {
           encryptedAttributes[attributeName] = (yield [attributeValue, encryptionAAD])!;
         } catch (err) {
@@ -376,8 +379,7 @@ export class EncryptedSavedObjectsService {
     if (typeDefinition === undefined) {
       return attributes;
     }
-
-    const encryptionAAD = this.getAAD(typeDefinition, descriptor, attributes);
+    let encryptionAAD: string | undefined;
     const decryptedAttributes: Record<string, EncryptOutput> = {};
     for (const attributeName of typeDefinition.attributesToEncrypt) {
       const attributeValue = attributes[attributeName];
@@ -393,7 +395,9 @@ export class EncryptedSavedObjectsService {
           )}`
         );
       }
-
+      if (!encryptionAAD) {
+        encryptionAAD = this.getAAD(typeDefinition, descriptor, attributes);
+      }
       try {
         decryptedAttributes[attributeName] = (yield [attributeValue, encryptionAAD])!;
       } catch (err) {