Release 1.1.1 to correct missing aux data in AWS KMS decrypt path

Auxilliary data was not provided in encryption context provided to AWS KMS decrypt() call, causing unwrapping to fail.
author: Stuart Stock <stuart@int08h.com> 2018-10-28 20:27:02 -0500
committer: Stuart Stock <stuart@int08h.com> 2018-10-28 20:27:02 -0500
commit: 846128d08bd3fcd72f23b3123b332d0692782e41 (patch)
tree: 744a99e904a11c4460d1eb134206c36d4d461ccb /src
parent: 9bd014d9225e5d9d408df4205ee0a4edd48dcd3f (diff)
download: roughenough-846128d08bd3fcd72f23b3123b332d0692782e41.zip
2 files changed, 5 insertions, 1 deletions
diff --git a/src/kms/awskms.rs b/src/kms/awskms.rs
index 4a244db..7ff131a 100644
--- a/src/kms/awskms.rs
+++ b/src/kms/awskms.rs
@@ -99,6 +99,10 @@ pub mod inner {
             let mut decrypt_req: DecryptRequest = Default::default();
             decrypt_req.ciphertext_blob = encrypted_dek.clone();
 
+            let mut dec_context = HashMap::new();
+            dec_context.insert("AD".to_string(), AD.to_string());
+            decrypt_req.encryption_context = Some(dec_context);
+
             match self.kms_client.decrypt(decrypt_req).sync() {
                 Ok(result) => {
                     if let Some(plaintext_dek) = result.plaintext {
diff --git a/src/lib.rs b/src/lib.rs
index b87f800..4c478f1 100644
--- a/src/lib.rs
+++ b/src/lib.rs
@@ -84,7 +84,7 @@ pub use message::RtMessage;
 pub use tag::Tag;
 
 /// Version of Roughenough
-pub const VERSION: &str = "1.1.0";
+pub const VERSION: &str = "1.1.1";
 
 /// Roughenough version string enriched with any compile-time optional features
 pub fn roughenough_version() -> String {
author	Stuart Stock <stuart@int08h.com>	2018-10-28 20:27:02 -0500
committer	Stuart Stock <stuart@int08h.com>	2018-10-28 20:27:02 -0500
commit	846128d08bd3fcd72f23b3123b332d0692782e41 (patch)
tree	744a99e904a11c4460d1eb134206c36d4d461ccb /src
parent	9bd014d9225e5d9d408df4205ee0a4edd48dcd3f (diff)
download	roughenough-846128d08bd3fcd72f23b3123b332d0692782e41.zip