- WrappedKeyAndInfoContainer wkmcOldDKEK = WrappedKeyAndInfoContainer(
- domainKEKInWrapForm.data());
- WrappedKeyAndInfoContainer wkmcNewDKEK = WrappedKeyAndInfoContainer();
- KeyAndInfoContainer kmcDKEK = KeyAndInfoContainer();
-
- KeyData PKEK1 = makePKEK1(wkmcOldDKEK.getWrappedKeyAndInfo().keyInfo, oldPass);
-
- int keyLength = 0;
- if (0 > (keyLength = decryptAes256Gcm(
- wkmcOldDKEK.getWrappedKeyAndInfo().wrappedKey,
- wkmcOldDKEK.getWrappedKeyAndInfo().keyInfo.keyLength,
- wkmcOldDKEK.getWrappedKeyAndInfo().keyInfo.tag,
- PKEK1.data(),
- wkmcOldDKEK.getWrappedKeyAndInfo().keyInfo.iv,
- kmcDKEK.getKeyAndInfo().key)))
- ThrowErr(Exc::AuthenticationFailed, "Incorrect Old Password ");
-
- kmcDKEK.setKeyInfo(&(wkmcOldDKEK.getWrappedKeyAndInfo().keyInfo));
- kmcDKEK.setKeyInfoKeyLength((unsigned int)keyLength);
-
- PKEK1 = makePKEK1(wkmcNewDKEK.getWrappedKeyAndInfo().keyInfo, newPass);
-
- wkmcNewDKEK.setKeyInfo(&(kmcDKEK.getKeyAndInfo().keyInfo));
-
- int wrappedKeyLength = 0;
- if (0 > (wrappedKeyLength = encryptAes256Gcm(
- kmcDKEK.getKeyAndInfo().key,
- kmcDKEK.getKeyAndInfo().keyInfo.keyLength,
- PKEK1.data(),
- kmcDKEK.getKeyAndInfo().keyInfo.iv,
- wkmcNewDKEK.getWrappedKeyAndInfo().wrappedKey,
- wkmcNewDKEK.getWrappedKeyAndInfo().keyInfo.tag)))
- ThrowErr(Exc::InternalError,
- "UpdateDomainKEK in KeyProvider::reencrypt Failed");
-
- wkmcNewDKEK.setKeyInfoKeyLength((unsigned int)wrappedKeyLength);
-
- LogDebug("reencrypt SUCCESS");
- return toRawBuffer(wkmcNewDKEK.getWrappedKeyAndInfo());