feat: replace KMS rotate with rekey and prune
Hugo Rosenkranz-Costa committed Mar 1, 2024
1 parent 3b70bb8 commit c325a32
Showing 5 changed files with 56 additions and 33 deletions.
16 changes: 8 additions & 8 deletions .github/workflows/ci.yml
@@ -34,7 +34,7 @@ jobs:
with:
subcommands: |
npm test
kms-version: feature-covercrypt_rekey
kms-version: ghcr.io/cosmian/kms:feature-covercrypt_rekey
kms-jwe-key:
'{"kty": "OKP","d": "MPEVJwdRqGM_qhJOUb5hR0Xr9EvwMLZGnkf-eDj5fU8","use": "enc","crv": "X25519","kid": "DX3GC+Fx3etxfRJValQNbqaB0gs=","x":
"gdF-1TtAjsFqNWr9nwhGUlFG38qrDUqYgcILgtYrpTY","alg": "ECDH-ES"}'
@@ -49,7 +49,7 @@ jobs:
uses: Cosmian/reusable_workflows/.github/workflows/cloudproof_kms_js.yml@develop
with:
branch: feature/covercrypt_rekey
kms-version: feature-covercrypt_rekey
kms-version: ghcr.io/cosmian/kms:feature-covercrypt_rekey

cloudproof_java:
needs: test
@@ -60,7 +60,7 @@ jobs:
extension: so
destination: linux-x86-64
os: ubuntu-20.04
kms-version: feature-covercrypt_rekey
kms-version: ghcr.io/cosmian/kms:feature-covercrypt_rekey
findex-cloud-version: 0.3.1
copy_fresh_build: false
copy_regression_files: |
@@ -74,7 +74,7 @@ jobs:
with:
branch: feature/covercrypt-rekey
target: x86_64-unknown-linux-gnu
kms-version: feature-covercrypt_rekey
kms-version: ghcr.io/cosmian/kms:feature-covercrypt_rekey
findex-cloud-version: 0.3.1
copy_fresh_build: false
copy_regression_files: |
@@ -107,7 +107,7 @@ jobs:
sleep 5
cd ../test
node chrome.mjs http://localhost:8090 http://kms:9998
kms-version: 4.11.3
kms-version: ghcr.io/cosmian/kms:feature-covercrypt_rekey
findex-cloud-version: 0.3.1

example_reactjs:
@@ -123,7 +123,7 @@ jobs:
sleep 5
cd ../test
node chrome.mjs http://localhost:8090 http://kms:9998
kms-version: 4.11.3
kms-version: ghcr.io/cosmian/kms:feature-covercrypt_rekey
findex-cloud-version: 0.3.1

example_browser:
@@ -137,7 +137,7 @@ jobs:
python3 -m http.server &
sleep 3
node test.mjs
kms-version: 4.11.3
kms-version: ghcr.io/cosmian/kms:feature-covercrypt_rekey
findex-cloud-version: 0.3.1

example_webpack:
@@ -159,7 +159,7 @@ jobs:
cd examples/nodejs
npm install
node test.mjs 10
kms-version: 4.11.3
kms-version: ghcr.io/cosmian/kms:feature-covercrypt_rekey
findex-cloud-version: 0.3.1
secrets: inherit

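Review bot: Every `kms-version` input now resolves to `ghcr.io/cosmian/kms:feature-covercrypt_rekey`, a feature-branch image tag that can be re-pushed at any time, and the four example jobs lose their pin to release `4.11.3` (taking the `ghcr.io/…` lines as the new side, which the commit title suggests). A CI run is then no longer reproducible, and whatever is currently published under that tag is started in jobs that call reusable workflows at `@develop`, the last of them with `secrets: inherit` (both visible in the context lines). If the reusable workflows accept a full image reference, pin the image by digest, e.g. `kms-version: ghcr.io/cosmian/kms@sha256:<digest-of-the-tested-image>` (placeholder), or switch back to a released version before this reaches the main branch. A short comment above the first `kms-version` saying that the branch tag is temporary would also help.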
2 changes: 1 addition & 1 deletion package-lock.json


18 changes: 7 additions & 11 deletions tests/KMS.test.ts
@@ -362,16 +362,15 @@ test(
}

// rotate
const rotatedPolicy = await client.rotateCoverCryptAttributes(mskID, [
"Department::FIN",
"Department::MKG",
])
await client.rekeyCoverCryptAccessPolicy(
mskID,
"Department::FIN || Department::MKG",
)

const rotatedMsk = await client.retrieveCoverCryptSecretMasterKey(mskID)
expect(rotatedMsk.bytes()).not.toEqual(msk.bytes())
const rotatedMpk = await client.retrieveCoverCryptPublicMasterKey(mpkID)
expect(rotatedMpk.bytes()).not.toEqual(mpk.bytes())
expect(policy.toBytes()).not.toEqual(rotatedPolicy.toBytes())

// encryption
const plaintext2 = new TextEncoder().encode("abcdefgh")
@@ -543,7 +542,7 @@ test(
return await client?.coverCryptDecrypt(temperedUserKeyID, ciphertext)
}).rejects.toThrow()

await client.rotateCoverCryptAttributes(mskID, ["Security::TopSecret"])
await client.rekeyCoverCryptAccessPolicy(mskID, "Security::TopSecret")

await expect(async () => {
return await client?.coverCryptDecrypt(userKeyID, ciphertext)
@@ -648,13 +647,10 @@ test(
oldPlaintext,
)

const newPolicyBytes = await client.rotateCoverCryptAttributes(mskID, [
"Security::Simple",
])
const newPolicy = Policy.fromBytes(newPolicyBytes.toBytes())
await client.rekeyCoverCryptAccessPolicy(mskID, "Security::Simple")
const newPublicKey = await client.retrieveCoverCryptPublicMasterKey(mpkID)
const newLocalEncryption = new CoverCryptHybridEncryption(
newPolicy,
policy,
newPublicKey.bytes(),
)
expect(newPublicKey.bytes()).not.toEqual(oldPublicKey.bytes())
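Review bot: In the last hunk `new CoverCryptHybridEncryption(policy, newPublicKey.bytes())` pairs the policy object created before the rekey with the public key fetched after it, and nothing in the test says why that is valid. The first hunk also drops the only assertion that looked at the policy bytes, so the policy is no longer checked at all after `rekeyCoverCryptAccessPolicy`. If a rekey is meant to leave the policy unchanged, say so where it is reused, e.g. `// rekey returns no policy; the policy created above is still the one to encrypt with`. The `// rotate` comment and the `rotatedMsk` / `rotatedMpk` names in the first hunk still describe the removed operation and would read better as `// rekey`, `rekeyedMsk`, `rekeyedMpk`. All three test bodies start and end outside their hunks.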
35 changes: 31 additions & 4 deletions tests/cover_crypt.test.ts
@@ -316,9 +316,10 @@ test("Demo using KMS", async () => {
await client.retrieveCoverCryptUserDecryptionKey(confidentialMkgUserKeyUid)

// Now rotate the MKG attribute - all active keys will be rekeyed, the new policy should be used to encrypt
const updatedPolicy = client.rotateCoverCryptAttributes(masterSecretKeyUID, [
await client.rekeyCoverCryptAccessPolicy(
masterSecretKeyUID,
"Department::MKG",
])
)

// creating a new confidential marketing message
const confidentialMkgData = new TextEncoder().encode(
@@ -360,12 +361,38 @@ test("Demo using KMS", async () => {
// newConfidentialMkgCiphertext
try {
// will throw
new CoverCryptHybridDecryption(oldConfidentialMkgUserKey.bytes()).decrypt(
newConfidentialMkgCiphertext,
let x = new CoverCryptHybridDecryption(
oldConfidentialMkgUserKey.bytes(),
).decrypt(newConfidentialMkgCiphertext)
console.log(new TextDecoder("utf-8").decode(x.plaintext))
} catch (error) {
// ==> the non rekeyed key cannot decrypt the new message after rotation
}

// Prune: remove old keys for the MKG attribute

await client.pruneCoverCryptAccessPolicy(
masterSecretKeyUID,
"Department::MKG",
)

// Decrypting old messages will fail even with the rekeyed key
try {
// will throw
await client.coverCryptDecrypt(
confidentialMkgUserKeyUid,
protectedMkgCiphertext,
)
} catch (error) {
// ==> the non rekeyed key cannot decrypt the new message after rotation
}

// Decrypting the new message will still work
const newConfidentialMkgCleartext_ = await client.coverCryptDecrypt(
confidentialMkgUserKeyUid,
newConfidentialMkgCiphertext,
)
expect(confidentialMkgData).toEqual(newConfidentialMkgCleartext_.plaintext)
})

test("Generate non-regression tests vector", async () => {
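Review bot: Both negative checks in the second hunk sit in a `try { … } catch (error) { }` with an empty catch, so the test passes even when nothing throws: neither the old user key failing on `newConfidentialMkgCiphertext` nor `protectedMkgCiphertext` becoming undecryptable after `pruneCoverCryptAccessPolicy` is actually asserted. These are the revocation properties the rekey and prune calls exist for, so a regression in either would go unnoticed, and the added `console.log` would print the decrypted plaintext to the CI log in that case; it looks like leftover debugging, as does `let x`. The comment in the second catch is copied from the first and describes the rekey case rather than the prune case. I would assert the failures directly, using the `.rejects.toThrow()` form that tests/KMS.test.ts already uses for the async KMS call and a plain `toThrow()` for the local decryption, which the hunk calls synchronously. The test body starts above the hunk.

```typescript
// … unchanged: rekey and encryption of newConfidentialMkgCiphertext …

// the non-rekeyed key must not decrypt a message encrypted after the rekey
expect(() =>
  new CoverCryptHybridDecryption(oldConfidentialMkgUserKey.bytes()).decrypt(
    newConfidentialMkgCiphertext,
  ),
).toThrow()

// … unchanged: pruneCoverCryptAccessPolicy call …

// after pruning, even the rekeyed key must not decrypt the old message
await expect(
  client.coverCryptDecrypt(confidentialMkgUserKeyUid, protectedMkgCiphertext),
).rejects.toThrow()

// … unchanged: decryption of newConfidentialMkgCiphertext still succeeds …
```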
@@ -1,37 +1,37 @@
{
"public_key": "+GfkiH4pEYfI4wDqiqNbEsQ0u12ji4lgeJ6vPdriRWzuXCt+qWauPtA6qVGYnqWIXlvxAyprnfgzow6yY3iLSxQCAQgAZtfuq+BdYsYFtVJXsvhPhT1lj74aeAzEzhLa+43+kXcCAgYABEOIBd/pcQNgB2I6ssEbANVQhMzusY7AmsNjrcj0lSkCBAgAoPU4Jn/HkpCsUEOLKUalVyUQRH/+oYasHw7wm8yjKUYCAwYAHptX2HS9zVKGH9C1j3eK4zMGpRDemWLGS8niv3Ln2RQCBAkA3D1nrsYhxqq+e3d8Sy4Q/Py0rbKDgJwkFqWDg09y7B8CAgcAxJvpfD0cJ+0X1PV8pMNoeyUtOev5g+PWjJwCjaQifS4CAQcA1HQVP4WCx2hkMdyiuFO7ae6MpDtcOabOZ1ODgG+vw3cCBQkARjPbTTC6QM3jQaJ2W1vtrNOFtM2QnDpWUOLZtUnrQCkCBQgA3KsfBTrQrckqxjZtGaRwPwx4xxLxfvdOQjPdl2Bn0hsCBQYAUiXg8RfJN5zHY2JADpSMfdOMQ4+t66Y9dQXg+Ql2OUICBAYAmJkjnnwIMZ1IrHiow8dz0Nx3cim5uNEgld7R0aR0I0gCBAcA0EH8CDUtRK4simZ9ePGOcrVHRZZXCfvH7QBgsEDlISYCAwgAAme7hFdeaCtgw3428ST0p7FeA5I0FAPKUl8MZs918HoCAgkAjtqjxHmtBJz2bYrERfygk/FR9ZT9XceqT0QSJgrSEBYCAQYAFjKPAlslhiZIl/YoehtKIz5XeUL/qYOG1kZO2JGpemsCAggAYqTIjwGlXr81yiBmazBgqr5qPobNjYkrcxgaYeuthF8CAQkAommhx/grMTVLii87gRRgJwXkycNj/ckk2mfnGbsNHzMCBQcA8jg8GpWQ3UxAUi9j6wAXZTYfGEINSyBwkfClMqF5VTICAwcAEDHXEb2jGIlo+nVVguOBVxinzUt/dSK0vOMosxCclVUCAwkABPdcHvX5Cdj83Gl+TXlVD/SY+YPYaL4HHjl05TLOn14=",
"master_secret_key": "WR7OWkhy8fdAqHjr88n0KPVdAxzK3sTa2D9F5EL3vApR/xnlJ3aE1rUoCVrGq/2N8yZyg7mb0LuGdkucwUytCl8GLse6RlTB+4CQ+Qo95KSrruGHCbsY4vnqhSLxp6AOFAIECADcsLR4jehhtZweuF69MM43fj4KOANVV8nZG2sO/Qu5DwIBCAD072PG1Ds/WGTzaiA6a5E/trgoYqrnCXy0X752zphKCwIFCADPwKLlHCiscpyjoAuNQeinxqvQnebZ1BCOgjmVdbNWBgIECQDjgpQhM69Dq5dymUicbx5Ry9cK6SCNfVvkIg6sFz26BAICBwB1Qfm4Lu9mXa0PWA0fmiTERpx7VLIlAGM93sET+uv9BAICCAApQIOaYmgWJDJGm1SAqkpzKMUonJpDLlLMCfSSLUm+AgIFBgAwLrVnaPrrni35WsCL9OcrI8Tq9LkgcbpZd1c8zch+CwIDCABGHR1Eum5500Jf9vm/Ak6wsRU9edmRTmsbq6dRU5y/AwIDCQCAby6a4I3PwQI9W7EBe4VP+nDg3nq1pRMUW7xvoMhoAgIFCQAsj1RBtNVfpRvQm1w8RSSYUGw/iAQq/u9VB4Tzge5zCgIBCQAalnLZ5YbzUWVIiJhjvI/oEXPaLaEltpLWib0elvzMBAIEBwD6pCqpUhOGq/i3NEACuZQ+uC33PpUCExpXMaQDarb0CwIDBgDWK5Vh/qnhCFU5iKwgIhNqGKt9I9CwywlR6F0DlVinAwIBBgApxhFd8vH7ZYX4IKNLog/cqX+xoQaNKyGK+hs3/gamAQICCQCNwg+F4A249NnQopvTHwm5mwdqS2gVKA2+zd0lXGQ9BwIBBwBFZeiAOHVK7lqKOzcz6Uyfp29BDF0NdLGlaqrE8f1ABgICBgD5H/yT1K8Hjp4oaUsYiFFUchUlhV1mMfLBbUEpkcvaBwIFBwBawm8F/D8GD2WsnaWc6UG1S7pIioM6r+OXdjHdU1pvDwIEBgCGhvqXlOj1Ad54Eq3f0XedUOAYpB5aK2TrAp8MtRzbCwIDBwCpbD/M8zrahk4r2VdP8TSN5hpxZVjCY92ehELyZIItAA==",
"policy": "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",
"public_key": "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",
"master_secret_key": "a/JbRKmM5LI4jhun7QLYeBBFT9czUqxOc6/i7UNWjAo87c4HU/8TgtSSPkGuMLvBDr/zKyXB7SDkmxwxvcrEDJDwmd2qRnRTNnNkru0lMQqKIFdLySliZJKh4r74818LFAICCAEApjLQDjZG6l6LeWyOTSlS/Er4i3Cs85+M80Di8H+QXQ0CAQkBABBo0F6IRagY9QRC53eO1V51lo3bzxyM0SI8ByJJxMwBAgUHAQBMiyo9xzsP1iRqAFcXsKePDm0Db1kk1+uVh9dMzEJiDgIECAEA7GHPHRx3nf/SFNOVflka+URVcaa7l3Dafm9oZfRgegACAwgBAPVRvvpRgFA2IjjV+8ktUDc7nq+fv83CeObqmC9BarsGAgIGAQDbttzb7PZFWwcVQc77TnGSh6wN4zF/4Gbv/Po7axYaCgIBBgEAI0OJndYcymTLMcZuT84XyEK8HSKgfe22PGvZXgMSIAACBQkBAP7JiLGLcJVKFW4XoCTGupCzQoPxOTNwxvTaj0Aw9cgCAgEHAQBoI2oTgsZRpkv/AUYP9hZXNXmBsbkuouMh2mXlg2sbAgIEBwEA4vjHxoGD86+9Ck8zqzsXLccBkCTYn6PXTVKzwds/uQgCBQYBAHVahZ7QV7qjrZrxLI7isR+tFLHdSN/HE3IQHfuXwOsFAgMHAQAiPBStU7AcNJwBLgQ3FLDIKiPM24kKXWTYpbxkyKCJDwIFCAEA58sEzwEdCNm/Mv7emO+ZJm7vcKiyzmL4IPnEq3UJEAICBAYBAGDHyjXbD0W1ALYneH1kQqzLQxTduyCOYIjmsaK8m2EEAgIHAQCsFFrly6jDQeaGTrkNjuv8UO844pia012daHWWQPCXCwIDCQEA6GP16BOfxO7fb5wOCNQ+Gg6ko531uVA/nyrgW8GJDgQCAQgBAHaIcoLgtj7itPhhUxqQJk2fbAKkFXOGUctQiy6VVSsDAgMGAQBlhhRiDQVJpHO+VvVqCWo+RIgveLOKXDAP+JTSWkeeCwIECQEArRHP/0u1+gQbT36Ksc98qshHiAWPhVAQmaRHND+q+QYCAgkBAAakedM6+vO5pmEliEa5Wi39Znwht2qwwN7hYI8uIIQHOlpn3OB3pJntnKjNhAqgng==",
"policy": "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",
"top_secret_mkg_fin_key": {
"key": "xAKfiVTXo78XGkQP/2GkZmebOMoYaxnJ7EseMNnHSQB7sCcSGX5WJ6/lH5I9XHuONIzGrQPyxwFzYL61fWvCAwoALI9UQbTVX6Ub0JtcPEUkmFBsP4gEKv7vVQeE84HucwoA3LC0eI3oYbWcHrhevTDON34+CjgDVVfJ2RtrDv0LuQ8Az8Ci5RworHKco6ALjUHop8ar0J3m2dQQjoI5lXWzVgYA44KUITOvQ6uXcplInG8eUcvXCukgjX1b5CIOrBc9ugQARh0dRLpuedNCX/b5vwJOsLEVPXnZkU5rG6unUVOcvwMA9O9jxtQ7P1hk82ogOmuRP7a4KGKq5wl8tF++ds6YSgsAGpZy2eWG81FlSIiYY7yP6BFz2i2hJbaS1om9Hpb8zAQAgG8umuCNz8ECPVuxAXuFT/pw4N56taUTFFu8b6DIaAIAjcIPheANuPTZ0KKb0x8JuZsHaktoFSgNvs3dJVxkPQcAKUCDmmJoFiQyRptUgKpKcyjFKJyaQy5SzAn0ki1JvgI=",
"key": "va2UH4Zyw1hkbC2qxD2rhjRsWAeBSffG2lR++xLNjw7f8N6n0wSdY+OiXpgwaR0nbgn7yJeQU6jdprM1NIeeCQoCAgkBAAakedM6+vO5pmEliEa5Wi39Znwht2qwwN7hYI8uIIQHAgMIAQD1Ub76UYBQNiI41fvJLVA3O56vn7/Nwnjm6pgvQWq7BgIFCQEA/smIsYtwlUoVbhegJMa6kLNCg/E5M3DG9NqPQDD1yAICBAgBAOxhzx0cd53/0hTTlX5ZGvlEVXGmu5dw2n5vaGX0YHoAAgQJAQCtEc//S7X6BBtPfoqxz3yqyEeIBY+FUBCZpEc0P6r5BgIBCQEAEGjQXohFqBj1BELnd47VXnWWjdvPHIzRIjwHIknEzAECAQgBAHaIcoLgtj7itPhhUxqQJk2fbAKkFXOGUctQiy6VVSsDAgIIAQCmMtAONkbqXot5bI5NKVL8SviLcKzzn4zzQOLwf5BdDQIFCAEA58sEzwEdCNm/Mv7emO+ZJm7vcKiyzmL4IPnEq3UJEAICAwkBAOhj9egTn8Tu32+cDgjUPhoOpKOd9blQP58q4FvBiQ4EOD/Qqj7MqrHOJ2JWqmftY24fqvjnD+teQQVrodhOC+Q=",
"access_policy": "Security Level::Top Secret && (Department::MKG || Department::FIN)"
},
"medium_secret_mkg_key": {
"key": "D8aq5phmMNSEpjNplrQ5Vf8PWyWiSU1ygwU6hd4tZw56BicJR8eyWNtF4cO7GyIz3uca2vnjM5lkVRuqDCxrDwMARh0dRLpuedNCX/b5vwJOsLEVPXnZkU5rG6unUVOcvwMAKUCDmmJoFiQyRptUgKpKcyjFKJyaQy5SzAn0ki1JvgIA9O9jxtQ7P1hk82ogOmuRP7a4KGKq5wl8tF++ds6YSgs=",
"key": "mgg9Z3gM+gPPklwb3Le/1HrrYldwktjOsfUM7wkwEwqj6M7Ii1EUhkN3rOc2YETvW/5rxkMHOWBtWaOmjX+yAAMCAQgBAHaIcoLgtj7itPhhUxqQJk2fbAKkFXOGUctQiy6VVSsDAgIIAQCmMtAONkbqXot5bI5NKVL8SviLcKzzn4zzQOLwf5BdDQIDCAEA9VG++lGAUDYiONX7yS1QNzuer5+/zcJ45uqYL0Fquwboa167tKvFlgu/6F6qihpzg1UKUfuU5vAoi7bBe7M9Pw==",
"access_policy": "Security Level::Medium Secret && Department::MKG"
},
"top_secret_fin_key": {
"key": "tAZx2AozFHlggtlYh0F5Sxqb1Nlwc5VICcu8pU5OFQzLDuBbR8hQd+LG/cjhyyUVMr1EcEyAb9/TXxsZWzJ7AgUAgG8umuCNz8ECPVuxAXuFT/pw4N56taUTFFu8b6DIaAIAGpZy2eWG81FlSIiYY7yP6BFz2i2hJbaS1om9Hpb8zAQA44KUITOvQ6uXcplInG8eUcvXCukgjX1b5CIOrBc9ugQAjcIPheANuPTZ0KKb0x8JuZsHaktoFSgNvs3dJVxkPQcALI9UQbTVX6Ub0JtcPEUkmFBsP4gEKv7vVQeE84Hucwo=",
"key": "F1X3brkDxWcpo2KZQjDtgV1uhOA4jswYa6grpWtFWwZIDfei3ET7aIfl9eYFh7RHw7/6Uzoahg/fBw75eyl2BwUCAwkBAOhj9egTn8Tu32+cDgjUPhoOpKOd9blQP58q4FvBiQ4EAgIJAQAGpHnTOvrzuaZhJYhGuVot/WZ8IbdqsMDe4WCPLiCEBwIECQEArRHP/0u1+gQbT36Ksc98qshHiAWPhVAQmaRHND+q+QYCAQkBABBo0F6IRagY9QRC53eO1V51lo3bzxyM0SI8ByJJxMwBAgUJAQD+yYixi3CVShVuF6AkxrqQs0KD8TkzcMb02o9AMPXIAhzJOeYoZYuFN8uMUklwx9ThxMR0OKmd5OZIy1u8nKEy",
"access_policy": "Security Level::Top Secret && Department::FIN"
},
"top_secret_mkg_test_vector": {
"encryption_policy": "Department::MKG && Security Level::Top Secret",
"plaintext": "VG9wU2VjcmV0TWtnUGxhaW50ZXh0",
"ciphertext": "YJ9hJ9VMTqK9zuQA/Hmh8AhMM+C5DG3OR4G8X6j5yjjCfZPjtQcEdRhd10HzZpfnl+20nCs2mXHiuw/wtYxZA+5edQDCiPzzmdVTZDy/IZUBAGZ3VupClImg04XK8/BUWGXugDisWlXzRdqg4RhjVxCFIm5L9IIMBQkyNpLp6/67PzpsTK7bcBU6YAndFSIQ9Ped0x6stdXb6tCP58XFSFmYjWnw67FZMZkYMr+vg+BaK4yHdzIssjPWdL7l0tjpLvHv3GB0",
"ciphertext": "PGxvFGCxXE9wIpxBif7x+ULyzB6Jb1TZ2taejFlPGyZI+HmPnDKxq1Lt705u/9Hpxhs06G3CjL8RaW+YB/TLN2sjohkZ+SxZuzqj0yE4Xv4BAGkkOfCo/v+NB52dNRJvCV6XuGye5EpuH1k+APD2p3suIjIfEYxGbAsk4jqyYHzc4is3xZdGG+sB+PCoLnrhqgJZUU/CUXymcspLJwvOdpngajX6C2DjP57zVDakbTBMVEwMQo+5YeeBztkerQKJau0tUeip",
"header_metadata": "AQIDBAUJ",
"authentication_data": "BwgJEw=="
},
"low_secret_mkg_test_vector": {
"encryption_policy": "Department::MKG && Security Level::Low Secret",
"plaintext": "TG93U2VjcmV0TWtnUGxhaW50ZXh0",
"ciphertext": "BLih4ZDahm+OuitjsJtVI3gaFt6+Vz+rB4XWQLNfJRlSCn6DvxRfFc221yhZ1ry3wFXIh/H3id/zkeXDHfmMQL2MqxZju0Kgr0R+WwLjfy8BAK6p/UTFoH/SiYWoRcLPMRcTFnmlupz6Dv1kT2WCUyM4IuFXxXpRsZjOb8wG07sPwY0ExfrNRN0M5jBOhnKGkyvkbl1evL+b2ZvAh8dfsQbk9jDU5HB1YcaeyXwY2544AF0yd0HSvFqv4tNZvZRCeSWHIooV",
"ciphertext": "ks8IRZZhfAckxPX50HYmFwzTHex0KeGgCa5ELFJPlG/GmmWDedgnhSG48EA6q3WJak+vklofc76MzSlzQQ0WV+Q5EL1NdGXQfZs92T6Ru4oBALJ1k7nHRLHWIt0tarbhC83vZ+l3tVgpmDoOrVNn5pkDIrwM6+VMvPFHXLFrJs9oJir5my+QrxamqVED6U4apfgFH0WAJxrTuCNlZduH6ubNudhWQfCqpr6e30PXMprN6sYXwLcPMlSl1HWs8+PY300AfwA1",
"header_metadata": "AQIDBAUJ",
"authentication_data": ""
},
"low_secret_fin_test_vector": {
"encryption_policy": "Department::FIN && Security Level::Low Secret",
"plaintext": "TG93U2VjcmV0RmluUGxhaW50ZXh0",
"ciphertext": "RDJ0Mu91gZ1mR9ozbTxx2jiTEbyektFbIeuSJE/+Ch3w+mFSMCb4pJnw9g7RNi2G7B003fTqDoQKUXAHcp7GG5PALdM0tI9hUpA66YHMH3UBAIdYSea14OpLegjqP3HDLZIUYxCMq1+0weRR74jV/7uFHMwgrmzWUI8R3lYgNWsMf2pTL0qcyBy2rSXcHNhw5Z6Quhp4UDBsEzcemMj6t+iygsOV++n4xZZbknMnsuL6R4MfS/EleBbAh2mwLx3z",
"ciphertext": "8t5Fl0YHHTyn2rlLY42WU71s5TVuVSoVVshVeoXaBTvegyruuMC8nCSl2plpssMvGXbvtTsV1qnVbWKLVP9IRTxBEvjJXWGUh/gqwxOv1twBAEhKCyxYO5VkHx6RzlRQvGHNAV28lRoWdEivGhnukHF1HAMPfBnHALFnFDioh+yv4AGcvbXNvigNrN326+VPDDcb78lGNstk4ZkHnQfDL0YiO/6wXvtlaP7qL2Q6Y4z8LGFfsXW7T0A9/svNeSht",
"header_metadata": "",
"authentication_data": ""
}
