rbd: add AAD(additionalAuthData) while unwrapping the DEK

As we pass optional additional authenticated data (AAD) when wrapping
the DEK, the same AAD must also be passed when unwrapping it.

Error:
```
 failed to unwrap the DEK: kp.Error: ..(INVALID_FIELD_ERR)',
 reasons='[INVALID_FIELD_ERR: The field `ciphertext` must be: the
 original base64 encoded ciphertext from the wrap operation
```

Signed-off-by: Humble Chirammal <hchiramm@redhat.com>
Humble Chirammal 2022-02-07 19:28:11 +05:30 committed by mergify[bot]
parent 3014b722ad
commit 1c3baa0722


@ -251,7 +251,8 @@ func (kms *keyProtectKMS) DecryptDEK(volumeID, encryptedDEK string) (string, err
err) err)
} }
result, err := kms.client.Unwrap(context.TODO(), kms.customerRootKey, ciphertextBlob, nil) aadVolID := []string{volumeID}
result, err := kms.client.Unwrap(context.TODO(), kms.customerRootKey, ciphertextBlob, &aadVolID)
if err != nil { if err != nil {
return "", fmt.Errorf("failed to unwrap the DEK: %w", err) return "", fmt.Errorf("failed to unwrap the DEK: %w", err)
} }
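Review bot: The AAD built at `aadVolID := []string{volumeID}` must be identical to what the wrap path passes, but nothing here ties the two together, so a later change on either side would break unwrapping of every DEK already stored. The wrapping counterpart is not visible in this hunk; if it builds the slice inline as well, a small shared helper used by both sides would keep them in step. A comment above the new line would help too, for example `// AAD binds the wrapped DEK to this volume; it must match the value supplied at wrap time.` Since an AAD mismatch surfaces as a misleading `ciphertext` field error (as the commit message shows), consider naming the volume in the failure: `return "", fmt.Errorf("failed to unwrap the DEK for volume %q: %w", volumeID, err)`. DecryptDEK begins and ends outside the hunk, so DEKs wrapped before AAD was introduced could not be checked here.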