1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
|
From: Reinhard Tartler <siretart@tauware.de>
Description: Build against go-jose/v4
Forwarded: https://github.com/containers/ocicrypt/pull/109
Index: golang-github-containers-ocicrypt/keywrap/jwe/keywrapper_jwe.go
===================================================================
--- golang-github-containers-ocicrypt.orig/keywrap/jwe/keywrapper_jwe.go
+++ golang-github-containers-ocicrypt/keywrap/jwe/keywrapper_jwe.go
@@ -24,7 +24,7 @@ import (
"github.com/containers/ocicrypt/config"
"github.com/containers/ocicrypt/keywrap"
"github.com/containers/ocicrypt/utils"
- "github.com/go-jose/go-jose/v3"
+ "github.com/go-jose/go-jose/v4"
)
type jweKeyWrapper struct {
@@ -65,7 +65,11 @@ func (kw *jweKeyWrapper) WrapKeys(ec *co
}
func (kw *jweKeyWrapper) UnwrapKey(dc *config.DecryptConfig, jweString []byte) ([]byte, error) {
- jwe, err := jose.ParseEncrypted(string(jweString))
+ // cf. list of algorithms in func addPubKeys() below
+ key_algorithms := []jose.KeyAlgorithm{jose.RSA_OAEP, jose.RSA_OAEP_256, jose.ECDH_ES_A128KW, jose.ECDH_ES_A192KW, jose.ECDH_ES_A256KW}
+ // accept all algorithms defined in RFC 7518, section 5.1
+ content_enc := []jose.ContentEncryption{jose.A128CBC_HS256, jose.A192CBC_HS384, jose.A256CBC_HS512, jose.A128GCM, jose.A192GCM, jose.A256GCM}
+ jwe, err := jose.ParseEncrypted(string(jweString), key_algorithms, content_enc)
if err != nil {
return nil, errors.New("jose.ParseEncrypted failed")
}
Index: golang-github-containers-ocicrypt/keywrap/jwe/keywrapper_jwe_test.go
===================================================================
--- golang-github-containers-ocicrypt.orig/keywrap/jwe/keywrapper_jwe_test.go
+++ golang-github-containers-ocicrypt/keywrap/jwe/keywrapper_jwe_test.go
@@ -22,7 +22,7 @@ import (
"github.com/containers/ocicrypt/config"
"github.com/containers/ocicrypt/utils"
- "github.com/go-jose/go-jose/v3"
+ "github.com/go-jose/go-jose/v4"
)
var oneEmpty []byte
Index: golang-github-containers-ocicrypt/utils/utils.go
===================================================================
--- golang-github-containers-ocicrypt.orig/utils/utils.go
+++ golang-github-containers-ocicrypt/utils/utils.go
@@ -26,7 +26,7 @@ import (
"strings"
"github.com/containers/ocicrypt/crypto/pkcs11"
- "github.com/go-jose/go-jose/v3"
+ "github.com/go-jose/go-jose/v4"
"golang.org/x/crypto/openpgp"
)
|
