mirrors/ceph-csi
1
0
Fork 0
mirror of https://github.com/ceph/ceph-csi.git synced 2025-01-19 03:09:30 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #74 from ceph/devel

Browse Source 
rbd: add AAD(additionalAuthData) while unwrapping the DEK
This commit is contained in:
OpenShift Merge Robot 2022-02-07 23:26:17 -05:00 committed by GitHub
commit 25d252ab2a
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 2 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
internal/kms/keyprotect.go
View File

@ -251,7 +251,8 @@ func (kms *keyProtectKMS) DecryptDEK(volumeID, encryptedDEK string) (string, err
err)
}
result, err := kms.client.Unwrap(context.TODO(), kms.customerRootKey, ciphertextBlob, nil)
aadVolID := []string{volumeID}
result, err := kms.client.Unwrap(context.TODO(), kms.customerRootKey, ciphertextBlob, &aadVolID)
if err != nil {
return "", fmt.Errorf("failed to unwrap the DEK: %w", err)
}