Merge branch 'main' into user/dhwanishah/adding-proxy-support
djshah19 committed Sep 23, 2023
2 parents f02102d + bb185cc commit 394faf0
Showing 7 changed files with 92 additions and 4 deletions.
2 changes: 1 addition & 1 deletion go.mod
Expand Up @@ -7,7 +7,7 @@ require (
github.com/Azure/go-autorest/autorest v0.9.0
github.com/Azure/go-autorest/autorest/date v0.2.0
github.com/google/uuid v1.3.0
github.com/microsoft/moc v0.11.0-alpha.28
github.com/microsoft/moc v0.11.0-alpha.29
google.golang.org/grpc v1.54.0
k8s.io/klog v1.0.0
)
5 changes: 5 additions & 0 deletions go.sum
Expand Up @@ -579,8 +579,13 @@ github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
github.com/lyft/protoc-gen-star v0.6.0/go.mod h1:TGAoBVkt8w7MPG72TrKIu85MIdXwDuzJYeZuUPFPNwA=
github.com/lyft/protoc-gen-star v0.6.1/go.mod h1:TGAoBVkt8w7MPG72TrKIu85MIdXwDuzJYeZuUPFPNwA=
<<<<<<< HEAD
github.com/microsoft/moc v0.11.1-dhwani h1:KdKjyQCduDUvUILfPAN5LFokSd71WHQ4h7oLdA1ENBM=
github.com/microsoft/moc v0.11.1-dhwani/go.mod h1:EuYNwYdC667rnJSYcLcLHKTuQURy9GLm7n+SMDhK6ps=
=======
github.com/microsoft/moc v0.11.0-alpha.29 h1:SXqPMIXXdYlM5o3qlLU/cUf5kTByg/n8VWMMJ+Ls2bM=
github.com/microsoft/moc v0.11.0-alpha.29/go.mod h1:EuYNwYdC667rnJSYcLcLHKTuQURy9GLm7n+SMDhK6ps=
>>>>>>> main
github.com/nxadm/tail v1.4.4/go.mod h1:kenIhsEOeOJmVchQTgglprH7qJGnHDVpk1VPCcaMI8A=
github.com/nxadm/tail v1.4.8 h1:nPr65rt6Y5JFSKQO7qToXr7pePgD6Gwiw05lkbyAQTE=
github.com/nxadm/tail v1.4.8/go.mod h1:+ncqLTQzXmGhMZNUePPaPqPvBxHAIsmXswZKocGu+AU=
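Review bot: Unresolved merge-conflict markers (`<<<<<<< HEAD`, `=======`, `>>>>>>> main`) are committed in go.sum, together with both sides' checksum entries for github.com/microsoft/moc. The go command reads every go.sum line as module, version and hash, so the marker lines should make it reject the file as malformed, and checksum verification of dependencies cannot run until they are gone. go.mod in this commit appears to move to `v0.11.0-alpha.29`, so resolve by deleting the three marker lines and, unless something still requires it, the `v0.11.1-dhwani` entries, then run `go mod tidy` and `go mod verify` so the remaining hashes are checked against the downloaded modules.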
4 changes: 4 additions & 0 deletions services/security/keyvault/key/key.go
Expand Up @@ -257,6 +257,8 @@ func getMOCAlgorithm(algo keyvault.JSONWebKeyEncryptionAlgorithm) (wssdcloudcomm
return wssdcloudcommon.Algorithm_RSAOAEP256, nil
case keyvault.A256KW:
return wssdcloudcommon.Algorithm_A256KW, nil
case keyvault.A256CBC:
return wssdcloudcommon.Algorithm_A256CBC, nil
}
return wssdcloudcommon.Algorithm_A_UNKNOWN, errors.Wrapf(errors.InvalidInput, "Invalid Algorithm [%s]", algo)
}
Expand Down Expand Up @@ -297,6 +299,8 @@ func GetMOCAlgorithmType(algo string) (keyvault.JSONWebKeyEncryptionAlgorithm, e
return keyvault.RSAOAEP256, nil
case "A-256-KW":
return keyvault.A256KW, nil
case "A-256-CBC":
return keyvault.A256CBC, nil
}
return keyvault.RSA15, errors.Wrapf(errors.InvalidInput, "Invalid Algorithm [%s]", algo)
}
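Review bot: `GetMOCAlgorithmType` accepts the spelling `"A-256-CBC"`, while the constant it returns is declared in keyvault.go as `"A256CBC"`, so a caller that passes the constant's own string value falls through to the `Invalid Algorithm` error. This mirrors the existing `"A-256-KW"` case and may be the intended external spelling, but nothing in the hunk says where that spelling comes from. A comment above the switch such as `// Names use the hyphenated form (e.g. "A-256-CBC"), not the JSONWebKeyEncryptionAlgorithm value ("A256CBC").` would make the difference explicit. Both functions begin outside the hunks shown.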
34 changes: 34 additions & 0 deletions services/security/keyvault/key/wssd.go
Expand Up @@ -302,6 +302,10 @@ func (c *client) Delete(ctx context.Context, group, name, vaultName string) erro
}

func (c *client) Encrypt(ctx context.Context, group, vaultName, name string, param *keyvault.KeyOperationsParameters) (result *keyvault.KeyOperationResult, err error) {
err = c.isSupportedEncryptionAlgorithm(param.Algorithm)
if err != nil {
return
}
request, err := c.getKeyOperationRequest(ctx, group, vaultName, name, param, wssdcloudcommon.ProviderAccessOperation_Key_Encrypt)
if err != nil {
return
Expand All @@ -315,6 +319,10 @@ func (c *client) Encrypt(ctx context.Context, group, vaultName, name string, par
}

func (c *client) Decrypt(ctx context.Context, group, vaultName, name string, param *keyvault.KeyOperationsParameters) (result *keyvault.KeyOperationResult, err error) {
err = c.isSupportedEncryptionAlgorithm(param.Algorithm)
if err != nil {
return
}
request, err := c.getKeyOperationRequest(ctx, group, vaultName, name, param, wssdcloudcommon.ProviderAccessOperation_Key_Decrypt)
if err != nil {
return
Expand All @@ -328,6 +336,10 @@ func (c *client) Decrypt(ctx context.Context, group, vaultName, name string, par
}

func (c *client) WrapKey(ctx context.Context, group, vaultName, name string, param *keyvault.KeyOperationsParameters) (result *keyvault.KeyOperationResult, err error) {
err = c.isSupportedWrapAlgorithm(param.Algorithm)
if err != nil {
return
}
request, err := c.getKeyOperationRequest(ctx, group, vaultName, name, param, wssdcloudcommon.ProviderAccessOperation_Key_WrapKey)
if err != nil {
return
Expand All @@ -341,6 +353,10 @@ func (c *client) WrapKey(ctx context.Context, group, vaultName, name string, par
}

func (c *client) UnwrapKey(ctx context.Context, group, vaultName, name string, param *keyvault.KeyOperationsParameters) (result *keyvault.KeyOperationResult, err error) {
err = c.isSupportedWrapAlgorithm(param.Algorithm)
if err != nil {
return
}
request, err := c.getKeyOperationRequest(ctx, group, vaultName, name, param, wssdcloudcommon.ProviderAccessOperation_Key_UnwrapKey)
if err != nil {
return
Expand Down Expand Up @@ -562,3 +578,21 @@ func (c *client) getKeyOperationRequestVerify(ctx context.Context,
return request, nil

}

func (c *client) isSupportedEncryptionAlgorithm(algorithm keyvault.JSONWebKeyEncryptionAlgorithm) error {
switch algorithm {
case keyvault.A256CBC:
return nil
default:
return errors.Wrapf(errors.InvalidInput, "Invalid Algorithm")
}
}

func (c *client) isSupportedWrapAlgorithm(algorithm keyvault.JSONWebKeyEncryptionAlgorithm) error {
switch algorithm {
case keyvault.A256KW:
return nil
default:
return errors.Wrapf(errors.InvalidInput, "Invalid Algorithm")
}
}
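Review bot: `param.Algorithm` is now read on the first line of `Encrypt` before anything has checked `param`, so a nil `*keyvault.KeyOperationsParameters` panics with a nil-pointer dereference instead of returning an error; `Decrypt`, `WrapKey` and `UnwrapKey` get the same first line. Whether `getKeyOperationRequest` guarded against nil is not visible here, but the new check runs ahead of it either way. Guard first in each method, e.g. `if param == nil { return nil, errors.Wrapf(errors.InvalidInput, "Missing key operation parameters") }`. The two helpers also return a bare `Invalid Algorithm`; including the rejected value as key.go does (`"Invalid Algorithm [%s]", algorithm`) would make a refused request diagnosable. The four method bodies continue outside their hunks.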
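--- a/services/security/keyvault/key/wssd_test.go
+++ b/services/security/keyvault/key/wssd_test.go
@@ -0,0 +1,43 @@
+package key
+
+import (
+"testing"
+
+"github.com/microsoft/moc-sdk-for-go/services/security/keyvault"
+)
+
+func TestEncryptValidation_invalidAlgorithm(t *testing.T) {
+mockClient := &client{nil}
+err := mockClient.isSupportedEncryptionAlgorithm(keyvault.A256KW)
+
+if err == nil {
+t.Errorf("Expected error")
+}
+}
+
+func TestEncryptValidation_validAlgorithm(t *testing.T) {
+mockClient := &client{nil}
+err := mockClient.isSupportedEncryptionAlgorithm(keyvault.A256CBC)
+
+if err != nil {
+t.Errorf("Unexpected error %+v", err)
+}
+}
+
+func TestWrapValidation_invalidAlgorithm(t *testing.T) {
+mockClient := &client{nil}
+err := mockClient.isSupportedWrapAlgorithm(keyvault.A256CBC)
+
+if err == nil {
+t.Errorf("Expected error")
+}
+}
+
+func TestWrapValidation_validAlgorithm(t *testing.T) {
+mockClient := &client{nil}
+err := mockClient.isSupportedWrapAlgorithm(keyvault.A256KW)
+
+if err != nil {
+t.Errorf("Unexpected error %+v", err)
+}
+}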
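Review bot: The four tests only cross-check `A256KW` against `A256CBC`; the empty algorithm (an omitted `alg` field) and the RSA values that key.go still maps are never exercised, so the reject-by-default branch of each helper is under-tested. A table-driven test per helper covers these with less repetition; the encryption helper is shown below and the wrap helper would follow the same shape with `A256KW` as the only accepted value. The failure messages would also read more idiomatically in lower case (`expected error`).

```go
func TestIsSupportedEncryptionAlgorithm(t *testing.T) {
	cases := []struct {
		name    string
		algo    keyvault.JSONWebKeyEncryptionAlgorithm
		wantErr bool
	}{
		{"A256CBC", keyvault.A256CBC, false},
		{"A256KW", keyvault.A256KW, true},
		{"RSAOAEP256", keyvault.RSAOAEP256, true},
		{"empty", "", true},
	}
	c := &client{nil}
	for _, tc := range cases {
		t.Run(tc.name, func(t *testing.T) {
			err := c.isSupportedEncryptionAlgorithm(tc.algo)
			if (err != nil) != tc.wantErr {
				t.Errorf("algorithm %q: err = %v, wantErr %v", tc.algo, err, tc.wantErr)
			}
		})
	}
}
```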
4 changes: 3 additions & 1 deletion services/security/keyvault/keyvault.go
Expand Up @@ -117,11 +117,13 @@ const (
RSAOAEP256 JSONWebKeyEncryptionAlgorithm = "RSA-OAEP-256"
// A256KW AES Key Wrap with 256 bit key-encryption key
A256KW JSONWebKeyEncryptionAlgorithm = "A256KW"
// A256CBC AES-CBC with 256 bit encryption key
A256CBC JSONWebKeyEncryptionAlgorithm = "A256CBC"
)

// KeyOperationsParameters the key operations parameters.
type KeyOperationsParameters struct {
// Algorithm - algorithm identifier. Possible values include: 'RSAOAEP', 'RSAOAEP256', 'RSA15', 'A256KW'
// Algorithm - algorithm identifier. Possible values include: 'RSAOAEP', 'RSAOAEP256', 'RSA15', 'A256KW', "A256CBC"
Algorithm JSONWebKeyEncryptionAlgorithm `json:"alg,omitempty"`
// Value - a URL-encoded base64 string
Value *string `json:"value,omitempty"`
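Review bot: The new `A256CBC` comment should say that AES-CBC gives confidentiality only: the ciphertext is not integrity-protected, so callers that need tamper detection must authenticate it separately, and decrypt failures should not reveal padding details to the requester. Suggested wording: `// A256CBC AES-CBC with 256 bit encryption key; unauthenticated, pair with a MAC over the ciphertext`. How the IV is chosen and carried is not visible in this hunk (the `KeyOperationsParameters` struct continues past it), so that is worth documenting on the struct as well. The `Algorithm` field comment also mixes quote styles; `'A256CBC'` would match the other listed values.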
4 changes: 2 additions & 2 deletions wrapper/cpp/main.go
Expand Up @@ -88,7 +88,7 @@ func KeyvaultKeyEncryptDataCV(serverName *C.char, groupName *C.char, keyvaultNam

parameters := &keyvault.KeyOperationsParameters{
Value: &value,
Algorithm: keyvault.A256KW,
Algorithm: keyvault.A256CBC,
}

response, err := keyClient.Encrypt(ctx, C.GoString(groupName), C.GoString(keyvaultName), C.GoString(keyName), parameters)
Expand Down Expand Up @@ -125,7 +125,7 @@ func KeyvaultKeyDecryptDataCV(serverName *C.char, groupName *C.char, keyvaultNam

parameters := &keyvault.KeyOperationsParameters{
Value: &value,
Algorithm: keyvault.A256KW,
Algorithm: keyvault.A256CBC,
}

response, err := keyClient.Decrypt(ctx, C.GoString(groupName), C.GoString(keyvaultName), C.GoString(keyName), parameters)
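Review bot: Switching the hard-coded algorithm in `KeyvaultKeyDecryptDataCV` from `keyvault.A256KW` to `keyvault.A256CBC` leaves no path to decrypt data that earlier builds of this wrapper produced with `A256KW`, and the `Decrypt` method in wssd.go in this same commit now rejects `A256KW` outright. If such ciphertext can exist at rest, it needs a migration step or a fallback before this ships; if it cannot, a comment saying so would help, e.g. `// A256CBC only: nothing was persisted with the previous A256KW setting`. The same change is made in `KeyvaultKeyEncryptDataCV`. Both functions start and end outside the hunks shown.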