
cleanups
dmihalcik-virtru committed Feb 6, 2025
1 parent 171fc91 commit 19b4744
Showing 2 changed files with 15 additions and 30 deletions.
43 changes: 14 additions & 29 deletions lib/ocrypto/asym_decryption.go
Expand Up @@ -6,7 +6,6 @@ import (
"crypto/cipher"
"crypto/ecdh"
"crypto/ecdsa"
"crypto/elliptic"
"crypto/rsa"
"crypto/sha256"
"crypto/x509"
Expand Down Expand Up @@ -117,27 +116,26 @@ func NewECDecryptor(sk *ecdh.PrivateKey) (ECDecryptor, error) {
func (e ECDecryptor) Decrypt(wrapped []byte) ([]byte, error) {
var ek *ecdh.PublicKey
var wv ecWrappedValue
var pubFromDSN any

if rest, err := asn1.Unmarshal(wrapped, &wv); err != nil {
return nil, fmt.Errorf("asn1.Unmarshal failure: %w", err)
} else if len(rest) > 0 {
return nil, errors.New("trailing data")
} else {
if pubFromDSN, err := x509.ParsePKIXPublicKey(wv.EphemeralKey); err != nil {
return nil, fmt.Errorf("ecdh failure: %w", err)
} else {
switch pubFromDSN := pubFromDSN.(type) {
case *ecdsa.PublicKey:
ek, err = ConvertToECDHPublicKey(pubFromDSN)
if err != nil {
return nil, fmt.Errorf("ecdh conversion failure: %w", err)
}
case *ecdh.PublicKey:
ek = pubFromDSN
default:
return nil, errors.New("not an supported type of public key")
}
} else if pubFromDSN, err = x509.ParsePKIXPublicKey(wv.EphemeralKey); err != nil {
return nil, fmt.Errorf("ecdh failure: %w", err)
}
switch pubFromDSN := pubFromDSN.(type) {
case *ecdsa.PublicKey:
var err error
ek, err = ConvertToECDHPublicKey(pubFromDSN)
if err != nil {
return nil, fmt.Errorf("ecdh conversion failure: %w", err)
}
case *ecdh.PublicKey:
ek = pubFromDSN
default:
return nil, errors.New("not an supported type of public key")
}

ikm, err := e.sk.ECDH(ek)
Expand Down Expand Up @@ -176,16 +174,3 @@ func (e ECDecryptor) Decrypt(wrapped []byte) ([]byte, error) {

return plaintext, nil
}

func convCurve(c ecdh.Curve) elliptic.Curve {
switch c {
case ecdh.P256():
return elliptic.P256()
case ecdh.P384():
return elliptic.P384()
case ecdh.P521():
return elliptic.P521()
default:
return nil
}
}
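Review bot: The new `else if` branch wraps a failed `x509.ParsePKIXPublicKey` as `"ecdh failure: %w"`, which labels a malformed or unsupported ephemeral key inside attacker-supplied `wrapped` bytes as a key-agreement error and makes such failures harder to triage from logs; `return nil, fmt.Errorf("parsing ephemeral public key: %w", err)` names the step that actually failed. The `default` case carried into the hoisted switch keeps the typo `"not an supported type of public key"`; `"unsupported ephemeral public key type"` would read correctly and still be lowercase without trailing punctuation. Since every branch of the `if`/`else if` chain returns, it could also be flattened into sequential guards in the usual Go style, though that is cosmetic. Decrypt's body continues outside the hunk; the curve match between the parsed ephemeral key and `e.sk` is left to `e.sk.ECDH(ek)`, which rejects mismatched curves, so no extra check is needed here as long as that call stays on the path.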
2 changes: 1 addition & 1 deletion service/kas/access/rewrap.go
Expand Up @@ -436,7 +436,7 @@ func (p *Provider) verifyRewrapRequests(ctx context.Context, req *kaspb.Unsigned
var err error
switch kao.GetKeyAccessObject().GetKeyType() {
case "ec-wrapped":
symKey, err = p.CryptoProvider.ECDecrypt(kao.GetKeyAccessObject().GetKid(), kao.GetKeyAccessObject().GetEphemeralPublicKey())
symKey, err = p.CryptoProvider.ECDecrypt(kao.GetKeyAccessObject().GetKid(), kao.GetKeyAccessObject().GetWrappedKey())
case "wrapped":
var kidsToCheck []string
if kao.GetKeyAccessObject().GetKid() != "" {
Expand Down
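Review bot: The `ec-wrapped` case now passes `GetWrappedKey()` to `ECDecrypt` (the accessor line that appears to be the new side), while the commit title "cleanups" gives no hint that the decrypt input changed; a short comment at the case would stop the next reader from reaching for `GetEphemeralPublicKey()` again, e.g. `// ec-wrapped: the wrapped key is an ASN.1 value carrying its own ephemeral public key; ECDecrypt parses it`. That description is inferred from ECDecryptor.Decrypt in lib/ocrypto/asym_decryption.go in this same commit, so confirm it against the KAO schema before adding the comment. verifyRewrapRequests starts and ends outside the hunk.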
