mirror of
https://github.com/ceph/ceph-csi.git
synced 2024-11-09 16:00:22 +00:00
rbd: add AAD(additionalAuthData) while unwrapping the DEK
As we are using optional additional auth data while wrapping
the DEK, we have to send the same additionally while unwrapping.
Error:
```
failed to unwrap the DEK: kp.Error: ..(INVALID_FIELD_ERR)',
reasons='[INVALID_FIELD_ERR: The field `ciphertext` must be: the
original base64 encoded ciphertext from the wrap operation
```
Signed-off-by: Humble Chirammal <hchiramm@redhat.com>
(cherry picked from commit 1c3baa0722
)
This commit is contained in:
parent
893ad40d15
commit
043a71aad1
@ -251,7 +251,8 @@ func (kms *KeyProtectKMS) DecryptDEK(volumeID, encryptedDEK string) (string, err
|
||||
err)
|
||||
}
|
||||
|
||||
result, err := kms.client.Unwrap(context.TODO(), kms.customerRootKey, ciphertextBlob, nil)
|
||||
aadVolID := []string{volumeID}
|
||||
result, err := kms.client.Unwrap(context.TODO(), kms.customerRootKey, ciphertextBlob, &aadVolID)
|
||||
if err != nil {
|
||||
return "", fmt.Errorf("failed to unwrap the DEK: %w", err)
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user