GetKMSKeyWithEncryptionCtx returns the first KMS key affected by the encryption context bug as well as its location in the key groups.
(tree *sops.Tree)
| 218 | |
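// GetKMSKeyWithEncryptionCtx returns the first KMS master key in the tree's
// key groups that is affected by the encryption context bug, together with
// the index of its key group and its index inside that group.
//
// A key is reported when its encryption context has at least two entries and
// those entries hold more than one distinct value. A context whose values are
// all equal is not reported.
//
// When no key matches, the result is (0, 0, nil). Callers must check key for
// nil before using the indices, because (0, 0) is also a valid location.
//
// NOTE(review): the bug itself is not described in this view; the check below
// is the only definition of "affected" visible here.
func GetKMSKeyWithEncryptionCtx(tree *sops.Tree) (keyGroupIndex int, keyIndex int, key *kms.MasterKey) {
	for groupIdx, group := range tree.Metadata.KeyGroups {
		for idx, candidate := range group {
			// Only KMS master keys carry an encryption context; skip other key types.
			kmsKey, ok := candidate.(*kms.MasterKey)
			if !ok {
				continue
			}
			// A context with fewer than two entries cannot hold two distinct values.
			if len(kmsKey.EncryptionContext) < 2 {
				continue
			}
			distinct := make(map[string]struct{}, 2)
			for _, v := range kmsKey.EncryptionContext {
				if v == nil {
					// A nil value would panic on the dereference below; skip it
					// instead of crashing while inspecting the metadata.
					continue
				}
				distinct[*v] = struct{}{}
				// Two different values are enough to decide; stop scanning early.
				if len(distinct) > 1 {
					return groupIdx, idx, kmsKey
				}
			}
		}
	}
	return 0, 0, nil
}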
| 239 | |
| 240 | // GenericDecryptOpts represents decryption options and config |
| 241 | type GenericDecryptOpts struct { |
no outgoing calls
no test coverage detected