decryptKey tries to decrypt the contents of the provided MasterKey with any of the key services, returning as soon as one key service succeeds.
(key keys.MasterKey, svcs []keyservice.KeyServiceClient)
// decryptKey asks each key service in turn to decrypt the encrypted data key
// held by the given MasterKey and returns the first plaintext obtained. No
// further services are contacted after a success.
//
// If no service yields a plaintext, the result is nil and a *decryptKeyError
// carrying the key's name and one entry per attempted service.
//
// The returned bytes are plaintext key material; callers should keep them out
// of logs and error messages.
//
// Every call is made with context.Background(), so no deadline or
// cancellation is applied by this function.
// NOTE(review): an unresponsive key service could presumably stall decryption
// here. Confirm whether the client or transport enforces its own timeout.
func decryptKey(key keys.MasterKey, svcs []keyservice.KeyServiceClient) ([]byte, error) {
	svcKey := keyservice.KeyFromMasterKey(key)
	failure := decryptKeyError{keyName: key.ToString()}

	for _, client := range svcs {
		req := &keyservice.DecryptRequest{
			Ciphertext: key.EncryptedDataKey(),
			Key:        &svcKey,
		}
		rsp, err := client.Decrypt(context.Background(), req)

		// All keys in a key group encrypt the same part, so one successful
		// decryption is enough and the remaining services can be skipped.
		if err == nil && rsp.Plaintext != nil {
			return rsp.Plaintext, nil
		}

		// NOTE(review): a service that reports success with a nil Plaintext
		// is treated as a miss, and its nil error is still recorded. Confirm
		// that consumers of decryptKeyError tolerate nil entries in errs.
		failure.errs = append(failure.errs, err)
	}

	return nil, &failure
}
| 960 | |
| 961 | // GetDataKey retrieves the data key from the first MasterKey in the Metadata's KeySources that's able to return it, |
| 962 | // using the local KeyService |