Trail of bits 018 (#9674)

* TOB-018 remediation * Make key derivation an optional config flag, off by default, for backwards compatibility * Fix unit tests * Address some feedback * Set config on unit test * Fix another test failure * One more conf fail * Switch one of the test cases to not use a derive dkey * wip * comments
2025-11-01 11:08:10 +00:00 · 2020-08-17 11:36:16 -05:00
parent 9054eca113
commit e0b9cf80a4
12 changed files with 89 additions and 15 deletions
--- a/command/agent/jwt_end_to_end_test.go
+++ b/command/agent/jwt_end_to_end_test.go
@@ -158,6 +158,7 @@ func testJWTEndToEnd(t *testing.T, ahWrapping bool) {
 		AAD:    "foobar",
 		DHType: "curve25519",
 		DHPath: dhpath,
+		DeriveKey: true,
 		Config: map[string]interface{}{
 			"path": out,
 		},
@@ -231,7 +232,11 @@ func testJWTEndToEnd(t *testing.T, ahWrapping bool) {
 					continue
 				}

-				aesKey, err := dhutil.GenerateSharedKey(pri, resp.Curve25519PublicKey)
+				shared, err := dhutil.GenerateSharedSecret(pri, resp.Curve25519PublicKey)
+				if err != nil {
+					t.Fatal(err)
+				}
+				aesKey, err := dhutil.DeriveSharedKey(shared, pub, resp.Curve25519PublicKey)
 				if err != nil {
 					t.Fatal(err)
 				}