From: Reinhard Tartler <siretart@tauware.de>
Description: Build against go-jose/v4
Forwarded: https://github.com/containers/ocicrypt/pull/109
Index: golang-github-containers-ocicrypt/keywrap/jwe/keywrapper_jwe.go
===================================================================
--- golang-github-containers-ocicrypt.orig/keywrap/jwe/keywrapper_jwe.go
+++ golang-github-containers-ocicrypt/keywrap/jwe/keywrapper_jwe.go
@@ -24,7 +24,7 @@ import (
"github.com/containers/ocicrypt/config"
"github.com/containers/ocicrypt/keywrap"
"github.com/containers/ocicrypt/utils"
- "github.com/go-jose/go-jose/v3"
+ "github.com/go-jose/go-jose/v4"
)
type jweKeyWrapper struct {
@@ -65,7 +65,11 @@ func (kw *jweKeyWrapper) WrapKeys(ec *co
}
func (kw *jweKeyWrapper) UnwrapKey(dc *config.DecryptConfig, jweString []byte) ([]byte, error) {
- jwe, err := jose.ParseEncrypted(string(jweString))
+ // cf. list of algorithms in func addPubKeys() below
+ key_algorithms := []jose.KeyAlgorithm{jose.RSA_OAEP, jose.RSA_OAEP_256, jose.ECDH_ES_A128KW, jose.ECDH_ES_A192KW, jose.ECDH_ES_A256KW}
+ // accept all algorithms defined in RFC 7518, section 5.1
+ content_enc := []jose.ContentEncryption{jose.A128CBC_HS256, jose.A192CBC_HS384, jose.A256CBC_HS512, jose.A128GCM, jose.A192GCM, jose.A256GCM}
+ jwe, err := jose.ParseEncrypted(string(jweString), key_algorithms, content_enc)
if err != nil {
return nil, errors.New("jose.ParseEncrypted failed")
}
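Review bot: The two allow-lists in UnwrapKey are rebuilt on every call and are tied to the wrap side only by the comment pointing at addPubKeys(), so the accepted set and the emitted set can drift apart without any compile-time signal. Hoisting them into package-level variables with MixedCaps names (`keyAlgorithms`, `contentEncryptions`) would help, and if addPubKeys (outside this hunk) can consult the same key-algorithm list, wrap and unwrap stay in agreement by construction. The content-encryption list admits all six RFC 7518 section 5.1 values; if WrapKeys only ever emits one of them (not visible here), the comment should say that the wider set is kept deliberately for interoperability. Because go-jose v4 now rejects a disallowed algorithm at parse time, the unchanged `errors.New("jose.ParseEncrypted failed")` hides that reason from operators; `fmt.Errorf("jose.ParseEncrypted failed: %w", err)` would preserve it. UnwrapKey's body continues past the end of the hunk.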
Index: golang-github-containers-ocicrypt/keywrap/jwe/keywrapper_jwe_test.go
===================================================================
--- golang-github-containers-ocicrypt.orig/keywrap/jwe/keywrapper_jwe_test.go
+++ golang-github-containers-ocicrypt/keywrap/jwe/keywrapper_jwe_test.go
@@ -22,7 +22,7 @@ import (
"github.com/containers/ocicrypt/config"
"github.com/containers/ocicrypt/utils"
- "github.com/go-jose/go-jose/v3"
+ "github.com/go-jose/go-jose/v4"
)
var oneEmpty []byte
Index: golang-github-containers-ocicrypt/utils/utils.go
===================================================================
--- golang-github-containers-ocicrypt.orig/utils/utils.go
+++ golang-github-containers-ocicrypt/utils/utils.go
@@ -26,7 +26,7 @@ import (
"strings"
"github.com/containers/ocicrypt/crypto/pkcs11"
- "github.com/go-jose/go-jose/v3"
+ "github.com/go-jose/go-jose/v4"
"golang.org/x/crypto/openpgp"
)