chore: update kms_js to 4.0.0 and KMS image to 4.13.0

Cosmian · Mar 8, 2024 · 2c342e5 · 2c342e5
1 parent 497c97c
commit 2c342e5
Show file tree

Hide file tree

Showing 5 changed files with 32 additions and 31 deletions.
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -16,7 +16,7 @@ jobs:
       subcommands: |
         python3 scripts/download_wasm.py
         npm install
-      kms-version: feature-covercrypt_rekey
+      kms-version: 4.13.0
       findex-cloud-version: 0.3.1
 
   lint:
@@ -34,7 +34,7 @@ jobs:
     with:
       subcommands: |
         npm test
-      kms-version: ghcr.io/cosmian/kms:feature-covercrypt_rekey
+      kms-version: 4.13.0
       kms-jwe-key:
         '{"kty": "OKP","d": "MPEVJwdRqGM_qhJOUb5hR0Xr9EvwMLZGnkf-eDj5fU8","use": "enc","crv": "X25519","kid": "DX3GC+Fx3etxfRJValQNbqaB0gs=","x":
         "gdF-1TtAjsFqNWr9nwhGUlFG38qrDUqYgcILgtYrpTY","alg": "ECDH-ES"}'
@@ -48,8 +48,8 @@ jobs:
     needs: test
     uses: Cosmian/reusable_workflows/.github/workflows/cloudproof_kms_js.yml@develop
     with:
-      branch: feature/covercrypt_rekey
-      kms-version: ghcr.io/cosmian/kms:feature-covercrypt_rekey
+      branch: develop
+      kms-version: ghcr.io/cosmian/kms:4.13.0
 
   cloudproof_java:
     needs: test
@@ -60,7 +60,7 @@ jobs:
       extension: so
       destination: linux-x86-64
       os: ubuntu-20.04
-      kms-version: ghcr.io/cosmian/kms:feature-covercrypt_rekey
+      kms-version: ghcr.io/cosmian/kms:4.13.0
       findex-cloud-version: 0.3.1
       copy_fresh_build: false
       copy_regression_files: |
@@ -74,7 +74,7 @@ jobs:
     with:
       branch: feature/covercrypt-rekey
       target: x86_64-unknown-linux-gnu
-      kms-version: ghcr.io/cosmian/kms:feature-covercrypt_rekey
+      kms-version: ghcr.io/cosmian/kms:4.13.0
       findex-cloud-version: 0.3.1
       copy_fresh_build: false
       copy_regression_files: |
@@ -86,7 +86,7 @@ jobs:
       - test
     uses: Cosmian/reusable_workflows/.github/workflows/cloudproof_flutter.yml@develop
     with:
-      branch: develop
+      branch: feature/covercrypt_rekey
       target: x86_64-unknown-linux-gnu
       extension: so
       copy_fresh_build: false
@@ -107,7 +107,7 @@ jobs:
         sleep 5
         cd ../test
         node chrome.mjs http://localhost:8090 http://kms:9998
-      kms-version: ghcr.io/cosmian/kms:feature-covercrypt_rekey
+      kms-version: 4.13.0
       findex-cloud-version: 0.3.1
 
   example_reactjs:
@@ -123,7 +123,7 @@ jobs:
         sleep 5
         cd ../test
         node chrome.mjs http://localhost:8090 http://kms:9998
-      kms-version: ghcr.io/cosmian/kms:feature-covercrypt_rekey
+      kms-version: 4.13.0
       findex-cloud-version: 0.3.1
 
   example_browser:
@@ -137,7 +137,7 @@ jobs:
         python3 -m http.server &
         sleep 3
         node test.mjs
-      kms-version: ghcr.io/cosmian/kms:feature-covercrypt_rekey
+      kms-version: 4.13.0
       findex-cloud-version: 0.3.1
 
   example_webpack:
@@ -159,7 +159,7 @@ jobs:
         cd examples/nodejs
         npm install
         node test.mjs 10
-      kms-version: ghcr.io/cosmian/kms:feature-covercrypt_rekey
+      kms-version: 4.13.0
       findex-cloud-version: 0.3.1
     secrets: inherit
 

diff --git a/docker-compose.yml b/docker-compose.yml
@@ -5,7 +5,7 @@ version: "3"
 services:
   kms:
     container_name: kms
-    image: ghcr.io/cosmian/kms:4.11.3
+    image: ghcr.io/cosmian/kms:4.13.0
     ports:
       - 9998:9998
     environment:

diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -41,7 +41,7 @@
   "dependencies": {
     "base64-js": "^1.5.1",
     "better-sqlite3": "^8.0.1",
-    "cloudproof_kms_js": "3.1.2",
+    "cloudproof_kms_js": "4.0.0",
     "dotenv": "^16.3.1",
     "jose": "^4.14.4",
     "process": "^0.11.10",

diff --git a/tests/cover_crypt.test.ts b/tests/cover_crypt.test.ts
@@ -416,20 +416,21 @@ test("Demo using KMS", async () => {
   }
 
   // new encryption or user key generation must use the new attribute name
-  {
-    const topSecretMkgCiphertext = await client.coverCryptEncrypt(
-      masterPublicKeyUID,
-      "Department::Marketing && Security Level::Top Secret",
-      topSecretMkgData,
-    )
+  const topSecretMarketingData = new TextEncoder().encode(
+    "top_secret_marketing_message",
+  )
+  const topSecretMarketingCiphertext = await client.coverCryptEncrypt(
+    masterPublicKeyUID,
+    "Department::Marketing && Security Level::Top Secret",
+    topSecretMarketingData,
+  )
 
-    // new "Marketing" message can still be decrypted with "MKG" keys
-    const topSecretMkgCleartext = await client.coverCryptDecrypt(
-      topSecretMkgFinUserKeyUid,
-      topSecretMkgCiphertext,
-    )
-    expect(topSecretMkgData).toEqual(topSecretMkgCleartext.plaintext)
-  }
+  // new "Marketing" message can still be decrypted with "MKG" keys
+  const topSecretMarketingCleartext = await client.coverCryptDecrypt(
+    topSecretMkgFinUserKeyUid,
+    topSecretMarketingCiphertext,
+  )
+  expect(topSecretMarketingData).toEqual(topSecretMarketingCleartext.plaintext)
 
   // Add new attributes
   await client.addCoverCryptAttribute(
@@ -496,7 +497,7 @@ test("Demo using KMS", async () => {
       protectedRdCiphertext,
     )
   } catch (error) {
-    // ==> Not able to decrypt
+    // ==> unable to decrypt data for a removed attribute
   }
 })