Skip to content

fix(core): Fixes protoJSON parse bug on ec rewrap #1943

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 2 commits into from
Feb 26, 2025
Merged

fix(core): Fixes protoJSON parse bug on ec rewrap #1943

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
00c5547
fix(core): Fixes protoJSON parse bug on ec rewrap
dmihalcik-virtru Feb 25, 2025
7e49ed5
Merge branch 'main' into feature/protoodooaoaosfsdoasdf
dmihalcik-virtru Feb 26, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
5 changes: 3 additions & 2 deletions docs/grpc/index.html
View file
Open in desktop

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

11 changes: 6 additions & 5 deletions protocol/go/kas/kas.pb.go
View file
Open in desktop

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

Binary file added sample.tdf
View file
Open in desktop
Binary file not shown.
2 changes: 1 addition & 1 deletion sdk/tdf.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -975,7 +975,7 @@ func createRewrapRequest(_ context.Context, r *Reader) (map[string]*kas.Unsigned
},
SplitId: kao.SplitID,
WrappedKey: key,
EphemeralPublicKey: []byte(kao.EphemeralPublicKey),
EphemeralPublicKey: kao.EphemeralPublicKey,
},
}
if req, ok := kasReqs[kao.KasURL]; ok {
Expand Down
6 changes: 3 additions & 3 deletions service/kas/access/rewrap.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -170,7 +170,7 @@ func extractAndConvertV1SRTBody(body []byte) (kaspb.UnsignedRewrapRequest, error
SplitId: kao.SID,
WrappedKey: kao.WrappedKey,
Header: kao.Header,
EphemeralPublicKey: []byte(kao.EphemeralPublicKey),
EphemeralPublicKey: kao.EphemeralPublicKey,
},
},
},
Expand Down Expand Up @@ -467,7 +467,7 @@ func (p *Provider) verifyRewrapRequests(ctx context.Context, req *kaspb.Unsigned
ephemeralPubKeyPEM := kao.GetKeyAccessObject().GetEphemeralPublicKey()

// Get EC key size and convert to mode
keySize, err := ocrypto.GetECKeySize(ephemeralPubKeyPEM)
keySize, err := ocrypto.GetECKeySize([]byte(ephemeralPubKeyPEM))
if err != nil {
return nil, results, fmt.Errorf("failed to get EC key size: %w", err)
}
Expand All @@ -478,7 +478,7 @@ func (p *Provider) verifyRewrapRequests(ctx context.Context, req *kaspb.Unsigned
}

// Parse the PEM public key
block, _ := pem.Decode(ephemeralPubKeyPEM)
block, _ := pem.Decode([]byte(ephemeralPubKeyPEM))
if block == nil {
return nil, results, fmt.Errorf("failed to decode PEM block")
}
Expand Down
5 changes: 3 additions & 2 deletions service/kas/kas.proto
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -48,8 +48,9 @@
// header is only used for NanoTDFs
bytes header = 9;

// For wrapping with an ECDH derived key, when type=ec-wrapped
bytes ephemeral_public_key = 10;
// For wrapping with an ECDH derived key, when type=ec-wrapped.
// Should be a PEM-encoded PKCS#8 (asn.1) value.
string ephemeral_public_key = 10;

Check failure on line 53 in service/kas/kas.proto

View workflow job for this annotation

GitHub Actions / Protocol Buffer Lint and Gencode Up-to-date check 

Field "10" with name "ephemeral_public_key" on message "KeyAccess" changed type from "bytes" to "string".

Check failure on line 53 in service/kas/kas.proto

View workflow job for this annotation

GitHub Actions / Protocol Buffer Lint and Gencode Up-to-date check 

Field "10" with name "ephemeral_public_key" on message "KeyAccess" changed type from "bytes" to "string". See https://developers.google.com/protocol-buffers/docs/proto3#updating for wire compatibility rules. Note that while string and bytes are compatible if the data is valid UTF-8, there is no way to enforce that a bytes field is UTF-8, so these fields may be incompatible.

Check failure on line 53 in service/kas/kas.proto

View workflow job for this annotation

GitHub Actions / Protocol Buffer Lint and Gencode Up-to-date check 

Field "10" with name "ephemeral_public_key" on message "KeyAccess" changed type from "bytes" to "string". See https://developers.google.com/protocol-buffers/docs/proto3#updating for wire compatibility rules and https://developers.google.com/protocol-buffers/docs/proto3#json for JSON compatibility rules.
}

message UnsignedRewrapRequest {
Expand Down
Loading