Skip to content

Commit 19b4744

Browse files
dmihalcik-virtrudmihalcik-virtru
committed
cleanups
1 parent 171fc91 commit 19b4744

File tree

2 files changed

+15
-30
lines changed

2 files changed

+15
-30
lines changed

lib/ocrypto/asym_decryption.go

Lines changed: 14 additions & 29 deletions
Original file line numberDiff line numberDiff line change
@@ -6,7 +6,6 @@ import (
66
"crypto/cipher"
77
"crypto/ecdh"
88
"crypto/ecdsa"
9-
"crypto/elliptic"
109
"crypto/rsa"
1110
"crypto/sha256"
1211
"crypto/x509"
@@ -117,27 +116,26 @@ func NewECDecryptor(sk *ecdh.PrivateKey) (ECDecryptor, error) {
117116
func (e ECDecryptor) Decrypt(wrapped []byte) ([]byte, error) {
118117
var ek *ecdh.PublicKey
119118
var wv ecWrappedValue
119+
var pubFromDSN any
120120

121121
if rest, err := asn1.Unmarshal(wrapped, &wv); err != nil {
122122
return nil, fmt.Errorf("asn1.Unmarshal failure: %w", err)
123123
} else if len(rest) > 0 {
124124
return nil, errors.New("trailing data")
125-
} else {
126-
if pubFromDSN, err := x509.ParsePKIXPublicKey(wv.EphemeralKey); err != nil {
127-
return nil, fmt.Errorf("ecdh failure: %w", err)
128-
} else {
129-
switch pubFromDSN := pubFromDSN.(type) {
130-
case *ecdsa.PublicKey:
131-
ek, err = ConvertToECDHPublicKey(pubFromDSN)
132-
if err != nil {
133-
return nil, fmt.Errorf("ecdh conversion failure: %w", err)
134-
}
135-
case *ecdh.PublicKey:
136-
ek = pubFromDSN
137-
default:
138-
return nil, errors.New("not an supported type of public key")
139-
}
125+
} else if pubFromDSN, err = x509.ParsePKIXPublicKey(wv.EphemeralKey); err != nil {
126+
return nil, fmt.Errorf("ecdh failure: %w", err)
127+
}
128+
switch pubFromDSN := pubFromDSN.(type) {
129+
case *ecdsa.PublicKey:
130+
var err error
131+
ek, err = ConvertToECDHPublicKey(pubFromDSN)
132+
if err != nil {
133+
return nil, fmt.Errorf("ecdh conversion failure: %w", err)
140134
}
135+
case *ecdh.PublicKey:
136+
ek = pubFromDSN
137+
default:
138+
return nil, errors.New("not an supported type of public key")
141139
}
142140

143141
ikm, err := e.sk.ECDH(ek)
@@ -176,16 +174,3 @@ func (e ECDecryptor) Decrypt(wrapped []byte) ([]byte, error) {
176174

177175
return plaintext, nil
178176
}
179-
180-
func convCurve(c ecdh.Curve) elliptic.Curve {
181-
switch c {
182-
case ecdh.P256():
183-
return elliptic.P256()
184-
case ecdh.P384():
185-
return elliptic.P384()
186-
case ecdh.P521():
187-
return elliptic.P521()
188-
default:
189-
return nil
190-
}
191-
}

service/kas/access/rewrap.go

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -436,7 +436,7 @@ func (p *Provider) verifyRewrapRequests(ctx context.Context, req *kaspb.Unsigned
436436
var err error
437437
switch kao.GetKeyAccessObject().GetKeyType() {
438438
case "ec-wrapped":
439-
symKey, err = p.CryptoProvider.ECDecrypt(kao.GetKeyAccessObject().GetKid(), kao.GetKeyAccessObject().GetEphemeralPublicKey())
439+
symKey, err = p.CryptoProvider.ECDecrypt(kao.GetKeyAccessObject().GetKid(), kao.GetKeyAccessObject().GetWrappedKey())
440440
case "wrapped":
441441
var kidsToCheck []string
442442
if kao.GetKeyAccessObject().GetKid() != "" {

0 commit comments

Comments
 (0)