in v3/materials/kms_keyring.go [91:134]
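// OnEncrypt generates a fresh AES-256 data key under the keyring's KMS key
// and returns it, together with a random GCM IV, as the cryptographic
// materials for one encryption operation.
//
// The caller's material description is sent to KMS as the encryption
// context (additional authenticated data that KMS requires to match again
// on decrypt). This method adds the reserved key kmsAWSCEKContextKey to
// record the CEK algorithm; a caller-supplied value for that key is
// rejected so the recorded algorithm cannot be overridden. The description
// is cloned first, so the caller's map is presumably left unmodified
// (Clone is project-defined; confirm it deep-copies).
//
// Grant tokens may be supplied through ctx under the GrantTokens key as a
// []string. Any other type stored under that key is reported as an error
// rather than causing a panic.
//
// Returns nil materials and a non-nil error when the description conflicts
// with the reserved key, when the context holds mistyped grant tokens, when
// the KMS GenerateDataKey call fails, or when the nonce cannot be generated.
func (k *KmsKeyring) OnEncrypt(ctx context.Context, materials *EncryptionMaterials) (*CryptographicMaterials, error) {
	var matDesc MaterialDescription = materials.encryptionContext
	// Indexing a nil map is safe in Go, so the reserved-key check can run
	// before the nil guard below.
	if _, ok := matDesc[kmsAWSCEKContextKey]; ok {
		return nil, fmt.Errorf(kmsReservedKeyConflictErrMsg, kmsAWSCEKContextKey)
	}
	if matDesc == nil {
		matDesc = map[string]string{}
	}

	requestMatDesc := matDesc.Clone()
	requestMatDesc[kmsAWSCEKContextKey] = kmsDefaultEncryptionContextKey

	in := kms.GenerateDataKeyInput{
		EncryptionContext: requestMatDesc,
		KeyId:             &k.KmsKeyId,
		KeySpec:           types.DataKeySpecAes256,
	}
	// Checked assertion: an unexpected value type under GrantTokens is an
	// error, not a panic inside the keyring.
	if v := ctx.Value(GrantTokens); v != nil {
		grantTokens, ok := v.([]string)
		if !ok {
			return nil, fmt.Errorf("grant tokens in context must be []string, got %T", v)
		}
		in.GrantTokens = grantTokens
	}

	out, err := k.kmsClient.GenerateDataKey(ctx, &in)
	if err != nil {
		// Consistent with the reserved-key path: no materials on error.
		return nil, err
	}
	iv, err := generateBytes(materials.gcmNonceSize)
	if err != nil {
		return nil, err
	}

	return &CryptographicMaterials{
		Key:                 out.Plaintext,
		IV:                  iv,
		KeyringAlgorithm:    KMSContextKeyring,
		CEKAlgorithm:        materials.algorithm,
		TagLength:           GcmTagSizeBits,
		MaterialDescription: requestMatDesc,
		EncryptedKey:        out.CiphertextBlob,
	}, nil
}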