yandex-cloud / cloudapi

Interface definitions of Yandex.Cloud API
MIT License

Fix wrong description #14

Open polRk opened 2 years ago

polRk commented 2 years ago

Remove base64 requirements for ciphertext in SymmetricDecryptRequest.

When I submit ciphertext encoded in base64, I get an error message

rpc error: code = InvalidArgument desc = Bad ciphertext

When I send the ciphertext in raw form instead (without base64 encoding), the request succeeds.

Full code


// YCKMS wraps a Yandex.Cloud SDK client together with the ID of the KMS key
// that its Encrypt and Decrypt methods pass in every request.
type YCKMS struct {
    sdk   *ycsdk.SDK // SDK handle used to reach the KMS symmetric-crypto service
    keyID string     // sent as KeyId in every encrypt and decrypt request
}

// New builds a YCKMS bound to the given SDK client and key ID and returns it
// as a KMS. Neither argument is validated here; a nil sdk or an empty keyID
// only surfaces once Encrypt or Decrypt is called.
func New(sdk *ycsdk.SDK, keyID string) KMS {
    svc := &YCKMS{
        sdk:   sdk,
        keyID: keyID,
    }
    return svc
}

// Encrypt sends plaintext to the KMS symmetric-crypto service under s.keyID
// and returns the key ID, key version ID and ciphertext taken from the
// response.
//
// Both aadContext and plaintext are encoded with unpadded standard base64
// before they are placed in the request. Two consequences follow:
//   - Decrypt must be given the same aadContext string, because it applies
//     the same encoding and the AAD sent at decrypt time has to match the
//     one sent here.
//   - The value that comes back from Decrypt is the base64 text, not the
//     original plaintext; the caller has to decode it.
//
// The returned ciphertext is the raw byte slice from the response and is
// meant to be passed to Decrypt unchanged.
func (s *YCKMS) Encrypt(aadContext string, plaintext string) (keyID string, versionID string, ciphertext []byte, err error) {
    enc := base64.RawStdEncoding

    req := &kms.SymmetricEncryptRequest{
        KeyId:      s.keyID,
        AadContext: []byte(enc.EncodeToString([]byte(aadContext))),
        Plaintext:  []byte(enc.EncodeToString([]byte(plaintext))),
    }

    // NOTE(review): context.Background() carries no deadline or cancellation,
    // so any timeout on this call depends on the SDK's own defaults.
    resp, err := s.sdk.KMSCrypto().SymmetricCrypto().Encrypt(context.Background(), req)
    if err != nil {
        return "", "", nil, err
    }

    return resp.KeyId, resp.VersionId, resp.Ciphertext, nil
}

// Decrypt asks the KMS symmetric-crypto service to decrypt ciphertext under
// s.keyID and returns the Plaintext field of the response.
//
// aadContext is encoded with unpadded standard base64, exactly as Encrypt
// does, so the same string must be supplied to both calls. ciphertext is
// forwarded as raw bytes: the author of this listing reports that
// base64-encoding it first makes the service answer with
// "InvalidArgument ... Bad ciphertext".
//
// Because Encrypt base64-encodes the plaintext before sending it, the bytes
// returned here are that base64 text; decoding is left to the caller.
func (s *YCKMS) Decrypt(aadContext string, ciphertext []byte) ([]byte, error) {
    encodedAAD := []byte(base64.RawStdEncoding.EncodeToString([]byte(aadContext)))

    req := &kms.SymmetricDecryptRequest{
        KeyId:      s.keyID,
        AadContext: encodedAAD,
        Ciphertext: ciphertext, // raw bytes as returned by Encrypt, not base64
    }

    // NOTE(review): context.Background() carries no deadline or cancellation,
    // so any timeout on this call depends on the SDK's own defaults.
    resp, err := s.sdk.KMSCrypto().SymmetricCrypto().Decrypt(context.Background(), req)
    if err != nil {
        return nil, err
    }

    return resp.Plaintext, nil
}

Usage

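    // Encrypt returns the ciphertext as raw bytes; keep them unchanged for
    // the later Decrypt call.
    // NOTE(review): keyID, versionID and ciphertext are not used in this
    // excerpt; presumably the ciphertext is stored in Bot.TokenCiphertext
    // by code not shown here. Confirm.
    keyID, versionID, ciphertext, err := k.Encrypt(Bot.ID, Bot.Token)
    if err != nil {
        panic(fmt.Errorf("cannot encrypt Bot.Token: %w", err))
    }

    // Bot.ID is the AAD context on both calls, so the same value has to be
    // passed here as was passed to Encrypt.
    plaintext, err := k.Decrypt(Bot.ID, Bot.TokenCiphertext)
    if err != nil {
        panic(fmt.Errorf("cannot decrypt Bot.Token: %w", err))
    }

    // Encrypt base64-encoded the token before sending it, so the decrypted
    // bytes are base64 text. Check the decode error: DecodeString returns
    // the bytes decoded so far alongside the error, and ignoring it would
    // pass a truncated token on as if it were valid.
    plaintext, err = base64.RawStdEncoding.DecodeString(string(plaintext))
    if err != nil {
        panic(fmt.Errorf("cannot decode decrypted Bot.Token: %w", err))
    }

    // Demonstration only: this writes the decrypted token to stdout. Outside
    // a reproduction like this one, keep secrets out of console output and logs.
    fmt.Println(string(plaintext))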