kms: Refined key derivation
kvinwang committed Feb 5, 2025
1 parent 0ae0f07 commit 4d60f85
Showing 2 changed files with 3 additions and 4 deletions.
4 changes: 2 additions & 2 deletions kms/src/crypto.rs
@@ -7,10 +7,10 @@ use ra_tls::kdf;
pub(crate) fn derive_k256_key(
parent_key: &SigningKey,
app_id: &[u8],
context_data: &[&[u8]],
) -> Result<(SigningKey, Signature, RecoveryId)> {
let context_data = [app_id, b"app-key"];
let derived_key_bytes: [u8; 32] =
kdf::derive_ecdsa_key(&parent_key.to_bytes(), context_data, 32)?
kdf::derive_ecdsa_key(&parent_key.to_bytes(), &context_data, 32)?
.try_into()
.ok()
.context("Invalid derived key len")?;
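Review bot: The purpose label `b"app-key"` is now a bare literal inside `derive_k256_key`, and nothing at that line says it is the domain-separation tag that keeps this key distinct from anything else derived from `parent_key`. I would hoist it to a named constant with a one-line comment, e.g. `const APP_KEY_LABEL: &[u8] = b"app-key"; // KDF purpose tag; changing it changes every derived app key`, and build the context as `[app_id, APP_KEY_LABEL]`. Separately, `app_id` is variable-length and unchecked here; whether `[app_id, label]` is an unambiguous encoding depends on how `kdf::derive_ecdsa_key` joins the items, which is not visible in this hunk, so if it concatenates them a length check or length prefix on `app_id` is worth adding. The function body continues past the end of the hunk.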
3 changes: 1 addition & 2 deletions kms/src/main_service.rs
@@ -186,8 +186,7 @@ impl KmsRpc for RpcHandler {
let (k256_key, k256_signature) = {
let (k256_app_key, signature, recid) = derive_k256_key(
&self.state.k256_key,
&app_id,
&[&app_id[..], "app-key".as_bytes()],
&app_id
)
.context("Failed to derive app ecdsa key")?;

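Review bot: The call to `derive_k256_key` is still split across lines but its last argument `&app_id` no longer carries a trailing comma, which is not how `rustfmt` lays out a multi-line argument list; running `cargo fmt` would either restore the comma or collapse the call. Since the derivation context is no longer spelled out at this call site, a short comment such as `// key is bound to app_id with a fixed purpose label inside derive_k256_key` would keep the binding visible to readers of the RPC handler. The enclosing block starts and ends outside the hunk.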
