rbd: add AAD(additionalAuthData) while unwrapping the DEK

As we are using optional additional auth data while wrapping
the DEK, we have to send the same additionally while unwrapping.

Error:
```
 failed to unwrap the DEK: kp.Error: ..(INVALID_FIELD_ERR)',
 reasons='[INVALID_FIELD_ERR: The field `ciphertext` must be: the
 original base64 encoded ciphertext from the wrap operation
```

Signed-off-by: Humble Chirammal <hchiramm@redhat.com>
(cherry picked from commit 1c3baa0722)
This commit is contained in:
Humble Chirammal 2022-02-07 19:28:11 +05:30 committed by mergify[bot]
parent 893ad40d15
commit 043a71aad1

View File

@ -251,7 +251,8 @@ func (kms *KeyProtectKMS) DecryptDEK(volumeID, encryptedDEK string) (string, err
err)
}
result, err := kms.client.Unwrap(context.TODO(), kms.customerRootKey, ciphertextBlob, nil)
aadVolID := []string{volumeID}
result, err := kms.client.Unwrap(context.TODO(), kms.customerRootKey, ciphertextBlob, &aadVolID)
if err != nil {
return "", fmt.Errorf("failed to unwrap the DEK: %w", err)
}