feat(sdk): PLAT-3082 nanotdf encrypt #744

patmantru · 2024-05-06T13:38:35Z

PLAT-3082 Adds nanotdf encrypt and decrypt of buffer

Encrypt of buffer
Decrypt of buffer
Support for Secp256r1
Updates to go kas to support the above

Note that this is an early first-pass implementation, there is more work to do:

support more curves,
dataset mode,
additional refactoring and cleanup
creating appropriate unit tests for everything

Resolves #766

… add-nanotdf-crypto

…otdf-encrypt

dmihalcik-virtru · 2024-05-24T15:20:20Z

@patmantru it looks like there are some semantic merge conflicts with main.

…otdf-encrypt

- Use `PLAT-3082-nanotdf-encrypt` branch of [opentdf/platform](opentdf/platform#744) - This branch includes fixes to nanotdf parsing required to function, and removes need to load an HSM/pkcs11 shared library. - Updates to opentdf.yaml (eccertid) and key gen code to match - Lets signing key be an RSA key not EC key to match current behavior of platform's KAS - Improves unit testing of nanoTDF code - Adds actual test of ECDH based rewrap - Started groundwork for more golden file tests but ended up not having time to do any of real value - Some small code cleanups - Use the new 'cause' option to `Error` constructor when applicatble - Support certs for public key queries of a server. TODO check the cert details? - Prefer CryptoKey to stringly typed keys in a couple of places - Minor fix to support RS512

🤖 I have created a release *beep* *boop* --- ## [0.1.4](lib/ocrypto/v0.1.3...lib/ocrypto/v0.1.4) (2024-05-29) ### Features * **core:** Allow app specified session keys ([#882](#882)) ([529fb0e](529fb0e)) * **sdk:** PLAT-3082 nanotdf encrypt ([#744](#744)) ([6c82536](6c82536)) --- This PR was generated with [Release Please](https://github.com/googleapis/release-please). See [documentation](https://github.com/googleapis/release-please#release-please). Co-authored-by: opentdf-automation[bot] <149537512+opentdf-automation[bot]@users.noreply.github.com>

🤖 I have created a release *beep* *boop* --- ## [0.2.4](sdk/v0.2.3...sdk/v0.2.4) (2024-05-30) ### Features * **core:** Allow app specified session keys ([#882](#882)) ([529fb0e](529fb0e)) * **sdk:** Adds Option to Pass in RSA Keys to SDK ([#867](#867)) ([739a828](739a828)) * **sdk:** PLAT-3082 nanotdf encrypt ([#744](#744)) ([6c82536](6c82536)) ### Bug Fixes * **sdk:** if we encounter an error getting an access token then don't make the request ([#872](#872)) ([19188d5](19188d5)) --- This PR was generated with [Release Please](https://github.com/googleapis/release-please). See [documentation](https://github.com/googleapis/release-please#release-please). Co-authored-by: opentdf-automation[bot] <149537512+opentdf-automation[bot]@users.noreply.github.com> Co-authored-by: Jake Van Vorhis <83739412+jakedoublev@users.noreply.github.com>

🤖 I have created a release *beep* *boop* --- ## [0.4.4](service/v0.4.3...service/v0.4.4) (2024-05-30) ### Features * **sdk:** PLAT-3082 nanotdf encrypt ([#744](#744)) ([6c82536](6c82536)) ### Bug Fixes * **kas:** lowercase config mapstructure for kas key paths ([#891](#891)) ([b205926](b205926)), closes [#890](#890) * **policy:** downgrade policy SQL statement info level logs to debug ([#853](#853)) ([771abd6](771abd6)), closes [#845](#845) * **core:** bump sdk version in service module ([#892](#892)) ([d66ce92](d66ce92)) --- This PR was generated with [Release Please](https://github.com/googleapis/release-please). See [documentation](https://github.com/googleapis/release-please#release-please). --------- Co-authored-by: opentdf-automation[bot] <149537512+opentdf-automation[bot]@users.noreply.github.com> Co-authored-by: Jake Van Vorhis <83739412+jakedoublev@users.noreply.github.com>

🤖 I have created a release *beep* *boop* --- ## [0.1.4](opentdf/platform@lib/ocrypto/v0.1.3...lib/ocrypto/v0.1.4) (2024-05-29) ### Features * **core:** Allow app specified session keys ([#882](opentdf/platform#882)) ([529fb0e](opentdf/platform@529fb0e)) * **sdk:** PLAT-3082 nanotdf encrypt ([#744](opentdf/platform#744)) ([6c82536](opentdf/platform@6c82536)) --- This PR was generated with [Release Please](https://github.com/googleapis/release-please). See [documentation](https://github.com/googleapis/release-please#release-please). Co-authored-by: opentdf-automation[bot] <149537512+opentdf-automation[bot]@users.noreply.github.com>

🤖 I have created a release *beep* *boop* --- ## [0.2.4](opentdf/platform@sdk/v0.2.3...sdk/v0.2.4) (2024-05-30) ### Features * **core:** Allow app specified session keys ([#882](opentdf/platform#882)) ([529fb0e](opentdf/platform@529fb0e)) * **sdk:** Adds Option to Pass in RSA Keys to SDK ([#867](opentdf/platform#867)) ([739a828](opentdf/platform@739a828)) * **sdk:** PLAT-3082 nanotdf encrypt ([#744](opentdf/platform#744)) ([6c82536](opentdf/platform@6c82536)) ### Bug Fixes * **sdk:** if we encounter an error getting an access token then don't make the request ([#872](opentdf/platform#872)) ([19188d5](opentdf/platform@19188d5)) --- This PR was generated with [Release Please](https://github.com/googleapis/release-please). See [documentation](https://github.com/googleapis/release-please#release-please). Co-authored-by: opentdf-automation[bot] <149537512+opentdf-automation[bot]@users.noreply.github.com> Co-authored-by: Jake Van Vorhis <83739412+jakedoublev@users.noreply.github.com>

🤖 I have created a release *beep* *boop* --- ## [0.4.4](opentdf/platform@service/v0.4.3...service/v0.4.4) (2024-05-30) ### Features * **sdk:** PLAT-3082 nanotdf encrypt ([#744](opentdf/platform#744)) ([6c82536](opentdf/platform@6c82536)) ### Bug Fixes * **kas:** lowercase config mapstructure for kas key paths ([#891](opentdf/platform#891)) ([b205926](opentdf/platform@b205926)), closes [#890](opentdf/platform#890) * **policy:** downgrade policy SQL statement info level logs to debug ([#853](opentdf/platform#853)) ([771abd6](opentdf/platform@771abd6)), closes [#845](opentdf/platform#845) * **core:** bump sdk version in service module ([#892](opentdf/platform#892)) ([d66ce92](opentdf/platform@d66ce92)) --- This PR was generated with [Release Please](https://github.com/googleapis/release-please). See [documentation](https://github.com/googleapis/release-please#release-please). --------- Co-authored-by: opentdf-automation[bot] <149537512+opentdf-automation[bot]@users.noreply.github.com> Co-authored-by: Jake Van Vorhis <83739412+jakedoublev@users.noreply.github.com>

🤖 I have created a release *beep* *boop* --- ## [0.1.4](opentdf/platform@lib/ocrypto/v0.1.3...lib/ocrypto/v0.1.4) (2024-05-29) ### Features * **core:** Allow app specified session keys ([#882](opentdf/platform#882)) ([529fb0e](opentdf/platform@529fb0e)) * **sdk:** PLAT-3082 nanotdf encrypt ([#744](opentdf/platform#744)) ([6c82536](opentdf/platform@6c82536)) --- This PR was generated with [Release Please](https://github.com/googleapis/release-please). See [documentation](https://github.com/googleapis/release-please#release-please). Co-authored-by: opentdf-automation[bot] <149537512+opentdf-automation[bot]@users.noreply.github.com>

🤖 I have created a release *beep* *boop* --- ## [0.2.4](opentdf/platform@sdk/v0.2.3...sdk/v0.2.4) (2024-05-30) ### Features * **core:** Allow app specified session keys ([#882](opentdf/platform#882)) ([529fb0e](opentdf/platform@529fb0e)) * **sdk:** Adds Option to Pass in RSA Keys to SDK ([#867](opentdf/platform#867)) ([739a828](opentdf/platform@739a828)) * **sdk:** PLAT-3082 nanotdf encrypt ([#744](opentdf/platform#744)) ([6c82536](opentdf/platform@6c82536)) ### Bug Fixes * **sdk:** if we encounter an error getting an access token then don't make the request ([#872](opentdf/platform#872)) ([19188d5](opentdf/platform@19188d5)) --- This PR was generated with [Release Please](https://github.com/googleapis/release-please). See [documentation](https://github.com/googleapis/release-please#release-please). Co-authored-by: opentdf-automation[bot] <149537512+opentdf-automation[bot]@users.noreply.github.com> Co-authored-by: Jake Van Vorhis <83739412+jakedoublev@users.noreply.github.com>

🤖 I have created a release *beep* *boop* --- ## [0.4.4](opentdf/platform@service/v0.4.3...service/v0.4.4) (2024-05-30) ### Features * **sdk:** PLAT-3082 nanotdf encrypt ([#744](opentdf/platform#744)) ([6c82536](opentdf/platform@6c82536)) ### Bug Fixes * **kas:** lowercase config mapstructure for kas key paths ([#891](opentdf/platform#891)) ([b205926](opentdf/platform@b205926)), closes [#890](opentdf/platform#890) * **policy:** downgrade policy SQL statement info level logs to debug ([#853](opentdf/platform#853)) ([771abd6](opentdf/platform@771abd6)), closes [#845](opentdf/platform#845) * **core:** bump sdk version in service module ([#892](opentdf/platform#892)) ([d66ce92](opentdf/platform@d66ce92)) --- This PR was generated with [Release Please](https://github.com/googleapis/release-please). See [documentation](https://github.com/googleapis/release-please#release-please). --------- Co-authored-by: opentdf-automation[bot] <149537512+opentdf-automation[bot]@users.noreply.github.com> Co-authored-by: Jake Van Vorhis <83739412+jakedoublev@users.noreply.github.com>

sujankota and others added 20 commits April 17, 2024 06:59

feat(crypto): nanotdf crypto helper methods

8792d05

Merge branch 'main' into add-nanotdf-crypto

dd02557

Interim checkin

dc54083

Move ec stuff to ec_key_pair.go

860cbd5

Fixed dup import

be92f80

moved tests, added dummy ComputeECDHKey

5743e40

Merge branch 'main' into add-nanotdf-crypto

961eaa5

Add real implementation of ComputeECDHKey

8b6875f

Merge branch 'add-nanotdf-crypto' of github.com:opentdf/platform into…

b8b4b8d

… add-nanotdf-crypto

Fix code review comments

b8f6e0b

Merge branch 'main' of github.com:opentdf/platform into PLAT-3082-nan…

b817463

…otdf-encrypt

Merge to main, fix resulting conflicts

87c0392

Interim checkin

7e3b102

Early merge of Sujan's EC functions PR

3fb8254

Builds but with lots of TODOs pending

43e440d

housekeeping

217e24c

interim checkin

9be8a26

added more crypto calls

8d90d29

sync to main

9c16af7

Merge branch 'main' of github.com:opentdf/platform into PLAT-3082-nan…

5941ecc

…otdf-encrypt

patmantru changed the title ~~feat(nanotdf) : [PLAT-3082) nanotdf encrypt~~ feat(nanotdf) : PLAT-3082 nanotdf encrypt May 8, 2024

patmantru changed the title ~~feat(nanotdf) : PLAT-3082 nanotdf encrypt~~ feat(nanotdf): PLAT-3082 nanotdf encrypt May 8, 2024

fix lint complaints

92f623f

patmantru force-pushed the PLAT-3082-nanotdf-encrypt branch from 90cd2ab to 92f623f Compare May 9, 2024 16:13

patmantru changed the title ~~feat(nanotdf): PLAT-3082 nanotdf encrypt~~ feat(sdk): PLAT-3082 nanotdf encrypt May 9, 2024

patmantru self-assigned this May 10, 2024

patmantru added 4 commits May 10, 2024 16:33

added header test from c++

6e696dc

header unit test executing but fails in compare to expected

35f32df

Corrected test data and working on problem writing policy

1c342fc

identified missing bytes in header test, test passes now

2129071

patmantru added this pull request to the merge queue May 24, 2024

github-merge-queue bot removed this pull request from the merge queue due to failed status checks May 24, 2024

patmantru added 2 commits May 24, 2024 11:24

Merge branch 'main' of github.com:opentdf/platform into PLAT-3082-nan…

7eb685d

…otdf-encrypt

Fix for change to newKasClient signature

90f967b

patmantru dismissed stale reviews from biscoe916, sujankota, and pflynn-virtru via 90f967b May 24, 2024 15:44

Merge branch 'main' into PLAT-3082-nanotdf-encrypt

fc76a17

patmantru enabled auto-merge May 24, 2024 15:51

pflynn-virtru approved these changes May 24, 2024

View reviewed changes

biscoe916 approved these changes May 24, 2024

View reviewed changes

patmantru added this pull request to the merge queue May 24, 2024

Merged via the queue into main with commit 6c82536 May 24, 2024
15 checks passed

patmantru deleted the PLAT-3082-nanotdf-encrypt branch May 24, 2024 16:44

This was referenced May 24, 2024

chore(main): release sdk 0.2.4 #868

Merged

chore(main): release service 0.4.4 #854

Merged

chore(main): release lib/ocrypto 0.1.4 #875

Merged

jakedoublev added a commit that referenced this pull request Jun 3, 2024

put back dev config to before #744 now that default policy is updated

299fd1d

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

feat(sdk): PLAT-3082 nanotdf encrypt #744

feat(sdk): PLAT-3082 nanotdf encrypt #744

patmantru commented May 6, 2024 •

edited by elizabethhealy

dmihalcik-virtru commented May 24, 2024

feat(sdk): PLAT-3082 nanotdf encrypt #744

feat(sdk): PLAT-3082 nanotdf encrypt #744

Conversation

patmantru commented May 6, 2024 • edited by elizabethhealy

dmihalcik-virtru commented May 24, 2024

patmantru commented May 6, 2024 •

edited by elizabethhealy