aws-samples / aws-kms-xks-proxy

AWS KMS External Keystore (XKS) Proxy reference implementation
Apache License 2.0

getMetadata returns invalid data for aes 256 key #51

Open bgardner-noggin opened 2 months ago

bgardner-noggin commented 2 months ago

Problem:

The key that is generated in the Dockerfile with the pkcs11-tool command gets returned by the xks-proxy as

{
  "keySpec": "RSA_0",
  "keyUsage": [],
  "keyStatus": "ENABLED"
}

instead of

{
  "keySpec": "AES_256",
  "keyUsage": [
    "ENCRYPT",
    "DECRYPT",
    "SIGN",
    "VERIFY",
    "WRAP",
    "UNWRAP"
  ],
  "keyStatus": "ENABLED"
}

I attempted to use rust-gdb to figure out what was going on; however, when using a version compiled with debuginfo (drop the --release flag, and use target/debug/xks-proxy), the correct values are returned.

HarshVaragiya commented 1 month ago

I just created a PR to fix this. Tagging the Rust version to 1.75.0 seems to fix this issue. https://github.com/aws-samples/aws-kms-xks-proxy/pull/54