summaryrefslogtreecommitdiff
path: root/src/kms/envelope.rs
diff options
context:
space:
mode:
Diffstat (limited to 'src/kms/envelope.rs')
-rw-r--r--src/kms/envelope.rs9
1 files changed, 7 insertions, 2 deletions
diff --git a/src/kms/envelope.rs b/src/kms/envelope.rs
index 1f6d615..da75961 100644
--- a/src/kms/envelope.rs
+++ b/src/kms/envelope.rs
@@ -73,7 +73,6 @@ fn vec_zero_filled(len: usize) -> Vec<u8> {
pub struct EnvelopeEncryption;
impl EnvelopeEncryption {
-
/// Decrypt a seed previously encrypted with `encrypt_seed()`
pub fn decrypt_seed(kms: &KmsProvider, ciphertext_blob: &[u8]) -> Result<Vec<u8>, KmsError> {
if ciphertext_blob.len() < MIN_PAYLOAD_SIZE {
@@ -107,7 +106,13 @@ impl EnvelopeEncryption {
// Decrypt the seed value using the DEK
let dek_open_key = OpeningKey::new(&AES_256_GCM, &dek)?;
- match open_in_place(&dek_open_key, &nonce, AD, IN_PREFIX_LEN, &mut encrypted_seed) {
+ match open_in_place(
+ &dek_open_key,
+ &nonce,
+ AD,
+ IN_PREFIX_LEN,
+ &mut encrypted_seed,
+ ) {
Ok(plaintext_seed) => Ok(plaintext_seed.to_vec()),
Err(_) => Err(KmsError::OperationFailed(
"failed to decrypt plaintext seed".to_string(),
generated by cgit v1.2.3 (git 2.25.1) at 2024-11-16 22:04:34 +0000