mirror of
https://github.com/ceph/ceph-csi.git
synced 2024-12-18 02:50:30 +00:00
rbd: add AAD(additionalAuthData) while unwrapping the DEK
As we are using optional additional auth data while wrapping the DEK, we have to send the same additionally while unwrapping. Error: ``` failed to unwrap the DEK: kp.Error: ..(INVALID_FIELD_ERR)', reasons='[INVALID_FIELD_ERR: The field `ciphertext` must be: the original base64 encoded ciphertext from the wrap operation ``` Signed-off-by: Humble Chirammal <hchiramm@redhat.com>
This commit is contained in:
parent
3014b722ad
commit
1c3baa0722
@ -251,7 +251,8 @@ func (kms *keyProtectKMS) DecryptDEK(volumeID, encryptedDEK string) (string, err
|
||||
err)
|
||||
}
|
||||
|
||||
result, err := kms.client.Unwrap(context.TODO(), kms.customerRootKey, ciphertextBlob, nil)
|
||||
aadVolID := []string{volumeID}
|
||||
result, err := kms.client.Unwrap(context.TODO(), kms.customerRootKey, ciphertextBlob, &aadVolID)
|
||||
if err != nil {
|
||||
return "", fmt.Errorf("failed to unwrap the DEK: %w", err)
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user