mirrors/ceph-csi
1
0
Fork 0
mirror of https://github.com/ceph/ceph-csi.git synced 2024-11-23 23:00:19 +00:00
Code Issues Packages Projects Releases Wiki Activity

rbd: add AAD(additionalAuthData) while unwrapping the DEK

Browse Source 
As we are using optional additional auth data while wrapping
the DEK, we have to send the same additionally while unwrapping.

Error:
```
 failed to unwrap the DEK: kp.Error: ..(INVALID_FIELD_ERR)',
 reasons='[INVALID_FIELD_ERR: The field `ciphertext` must be: the
 original base64 encoded ciphertext from the wrap operation
```

Signed-off-by: Humble Chirammal <hchiramm@redhat.com>
(cherry picked from commit 1c3baa0722)
This commit is contained in:
Humble Chirammal 2022-02-07 19:28:11 +05:30 committed by mergify[bot]
parent 893ad40d15
commit 043a71aad1
1 changed files with 2 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
internal/kms/keyprotect.go
View File

@ -251,7 +251,8 @@ func (kms *KeyProtectKMS) DecryptDEK(volumeID, encryptedDEK string) (string, err
err)
}
result, err := kms.client.Unwrap(context.TODO(), kms.customerRootKey, ciphertextBlob, nil)
aadVolID := []string{volumeID}
result, err := kms.client.Unwrap(context.TODO(), kms.customerRootKey, ciphertextBlob, &aadVolID)
if err != nil {
return "", fmt.Errorf("failed to unwrap the DEK: %w", err)
}