Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: Handle errors when decrypting multiple EDKs with raw RSA MKPs #672

Merged
merged 3 commits into from
May 2, 2024
Merged

fix: Handle errors when decrypting multiple EDKs with raw RSA MKPs #672

merged 3 commits into from
May 2, 2024

Conversation

lucasmcdonald3
Copy link
Contributor

Issue #, if available:

Description of changes:

Catch a ValueError thrown by cryptography if the master key provider cannot decrypt the EDK, and surface it as a IncorrectMasterKeyError.

From MKP Decrypt Data Key spec:

"The master key provider SHOULD attempt to decrypt the data key by passing the request to any master keys that it has access to until it has either exhausted available master keys or obtained a plaintext data key."

Surfacing the ValueError as an IncorrectMasterKeyError lets this logic swallow the exception, and try to decrypt other data keys from the encrypted data key list.

This is extremely similar to this previous issue, except with raw RSA keys instead of KMSMasterKeys.

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

Check any applicable:

  • Were any files moved? Moving files changes their URL, which breaks all hyperlinks to the files.

@lucasmcdonald3 lucasmcdonald3 marked this pull request as ready for review May 2, 2024 00:01
@lucasmcdonald3 lucasmcdonald3 requested a review from a team as a code owner May 2, 2024 00:01
@lucasmcdonald3 lucasmcdonald3 changed the title fix: Handle errors when decrypting a wrapped data key fix: Handle errors when decrypting a raw RSA wrapped data key May 2, 2024
@lucasmcdonald3 lucasmcdonald3 changed the title fix: Handle errors when decrypting a raw RSA wrapped data key fix: Handle errors when decrypting multiple EDKs with raw RSA keys May 2, 2024
@lucasmcdonald3 lucasmcdonald3 changed the title fix: Handle errors when decrypting multiple EDKs with raw RSA keys fix: Handle errors when decrypting multiple EDKs with raw RSA MKPs May 2, 2024
@lucasmcdonald3 lucasmcdonald3 merged commit 5f29be9 into master May 2, 2024
171 checks passed
@lucasmcdonald3 lucasmcdonald3 deleted the lucmcdon/raw-rsa-mkp-fix branch May 2, 2024 17:34
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@kessplas kessplas kessplas approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@lucasmcdonald3 @kessplas