diff --git a/README.md b/README.md
index 0fbb9389..ed2fd7ff 100644
--- a/README.md
+++ b/README.md
@@ -54,7 +54,7 @@ Package `tlsutil` provides utilities to configure tls client and servers.
 ### jose
-Package `jose` is a wrapper for `gopkg.in/square/go-jose.v2` and implements
+Package `jose` is a wrapper for `github.com/go-jose/go-jose/v3` and implements
 utilities to parse and generate JWT, JWK and JWKSets.
 ### x25519
diff --git a/go.mod b/go.mod
index 3db32da4..435f953a 100644
--- a/go.mod
+++ b/go.mod
@@ -11,6 +11,7 @@ require (
 github.com/Masterminds/sprig/v3 v3.2.3
 github.com/ThalesIgnite/crypto11 v1.2.5
 github.com/aws/aws-sdk-go v1.48.12
+ github.com/go-jose/go-jose/v3 v3.0.1
 github.com/go-piv/piv-go v1.11.0
 github.com/golang/mock v1.6.0
 github.com/google/go-tpm v0.9.0
@@ -28,7 +29,6 @@ require (
 google.golang.org/api v0.152.0
 google.golang.org/grpc v1.59.0
 google.golang.org/protobuf v1.31.0
- gopkg.in/square/go-jose.v2 v2.6.0
 )
 require (
diff --git a/go.sum b/go.sum
index 0248f4a4..272b6622 100644
--- a/go.sum
+++ b/go.sum
@@ -253,6 +253,8 @@ github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9 github.com/go-gl/glfw/v3.3/glfw v0.0.0-20191125211704-12ad95a8df72/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8= github.com/go-gl/glfw/v3.3/glfw v0.0.0-20200222043503-6f7a984d4dc4/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8= github.com/go-ini/ini v1.25.4/go.mod h1:ByCAeIL28uOIIG0E3PJtZPDL8WnHpFKFOtgjp+3Ies8= +github.com/go-jose/go-jose/v3 v3.0.1 h1:pWmKFVtt+Jl0vBZTIpz/eAKwsm6LkIxDVVbFHKkchhA= +github.com/go-jose/go-jose/v3 v3.0.1/go.mod h1:RNkWWRld676jZEYoV3+XK8L2ZnNSvIsxFMht0mSX+u8= github.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as= github.com/go-kit/kit v0.9.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as= github.com/go-kit/kit v0.10.0/go.mod h1:xUsJbQ/Fp4kEt7AFgCuvyX4a71u8h9jB8tj/ORgOZ7o= 
@@ -843,6 +845,7 @@ golang.org/x/crypto v0.0.0-20190426145343-a29dc8fdc734/go.mod h1:yigFU9vqHzYiE8U golang.org/x/crypto v0.0.0-20190510104115-cbcb75029529/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20190605123033-f99c8df09eb5/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20190701094942-4def268fd1a4/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= +golang.org/x/crypto v0.0.0-20190911031432-227b76d455e7/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20191002192127-34f69633bfdc/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20191117063200-497ca9f6d64f/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
@@ -1341,8 +1344,6 @@ gopkg.in/go-playground/validator.v9 v9.29.1/go.mod h1:+c9/zcJMFNgbLvly1L1V+PpxWd gopkg.in/ini.v1 v1.51.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k= gopkg.in/natefinch/lumberjack.v2 v2.0.0/go.mod h1:l0ndWWf7gzL7RNwBG7wST/UCcT4T24xpD6X8LsfU/+k= gopkg.in/resty.v1 v1.12.0/go.mod h1:mDo4pnntr5jdWRML875a/NmxYqAlA73dVijT2AXvQQo= -gopkg.in/square/go-jose.v2 v2.6.0 h1:NGk74WTnPKBNUhNzQX7PYcTLUjoq7mzKk2OKbvwk2iI= -gopkg.in/square/go-jose.v2 v2.6.0/go.mod h1:M9dMgbHiYLoDGQrXy7OpJDJWiKiU//h+vD76mk0e1AI= gopkg.in/src-d/go-billy.v4 v4.3.2/go.mod h1:nDjArDMp+XMs1aFAESLRjfGSgfvoYN0hDfzEk0GjC98= gopkg.in/src-d/go-git-fixtures.v3 v3.5.0/go.mod h1:dLBcvytrw/TYZsNTWCnkNF2DSIlzWYqTe3rJR56Ac7g= gopkg.in/src-d/go-git.v4 v4.13.1/go.mod h1:nx5NYcxdKxq5fpltdHnPa2Exj4Sx0EclMWZQbYDu2z8=
diff --git a/jose/encrypt_test.go b/jose/encrypt_test.go
index 740f378f..474794e9 100644
--- a/jose/encrypt_test.go
+++ b/jose/encrypt_test.go
@@ -10,11 +10,12 @@ import (
 "io"
 "reflect"
 "testing"
+ "time"
+ jose "github.com/go-jose/go-jose/v3"
 "github.com/pkg/errors"
 "github.com/smallstep/assert"
 "go.step.sm/crypto/randutil"
- jose "gopkg.in/square/go-jose.v2"
 )
 var testPassword = []byte("Supercalifragilisticexpialidocious")
@@ -424,3 +425,23 @@ func TestDecrypt(t *testing.T) {
 })
 }
 }
+
+func TestDecrypt_highP2C(t *testing.T) {
+ data := []byte(`{
+ "protected":"eyJhbGciOiJQQkVTMi1IUzI1NitBMTI4S1ciLCJlbmMiOiJBMjU2R0NNIiwicDJjIjoyMDAwMDAwMDAwMCwicDJzIjoiM3V0aFJZdHBTY09UMjR4Q3cwbTlfQSJ9",
+ "encrypted_key":"Lqn-BuAIole2T5ubPIPXl1QYj_48JqyeEfbOLq0EkyAX96irRPHA4g",
+ "iv":"eGaXW9_umwZvLCSP",
+ "ciphertext":"enFrF3NyvTN_a6Y4",
+ "tag":"VQFg97XqcRo61punp7Z3ow"
+}`)
+
+ timer := time.AfterFunc(time.Second, func() {
+ t.Fatal("Decrypt() took to much time")
+ })
+
+ _, err := Decrypt(data, WithPassword([]byte("password")))
+ assert.Error(t, err)
+ if !timer.Stop() {
+ <-timer.C
+ }
+}
diff --git a/jose/generate_test.go b/jose/generate_test.go
index 929d6729..cf27c345 100644
--- a/jose/generate_test.go
+++ b/jose/generate_test.go
@@ -16,10 +16,10 @@ import (
 "reflect"
 "testing"
+ jose "github.com/go-jose/go-jose/v3"
 "github.com/smallstep/assert"
 "go.step.sm/crypto/pemutil"
 "go.step.sm/crypto/x25519"
- jose "gopkg.in/square/go-jose.v2"
 )
 func TestThumbprint(t *testing.T) {
diff --git a/jose/types.go b/jose/types.go
index e53e945e..f0347638 100644
--- a/jose/types.go
+++ b/jose/types.go
@@ -1,4 +1,4 @@
-// Package jose is a wrapper for gopkg.in/square/go-jose.v2 and implements
+// Package jose is a wrapper for github.com/go-jose/go-jose/v3 and implements
 // utilities to parse and generate JWT, JWK and JWKSets.
 package jose
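Review bot: In TestDecrypt_highP2C (jose/encrypt_test.go) the timeout guard cannot fail the test the way it is written. The `time.AfterFunc` callback runs on its own goroutine, where `t.Fatal` is not valid, and a timer created by AfterFunc has a nil `C`, so once the callback has fired `timer.Stop()` returns false and `<-timer.C` blocks forever instead of reporting the failure. The fixture's protected header decodes to a p2c of 20000000000, so this guard is what would catch a regression to unbounded PBKDF2 work and it needs to be reliable. Running Decrypt in a goroutine and selecting on its result against `time.After`, as below, fails promptly on the test goroutine and also fixes the "took to much time" typo. Asserting the specific error rather than any error would further distinguish a rejected p2c from an ordinary wrong-password failure.

```go
// … unchanged: data fixture with the oversized p2c header …

done := make(chan error, 1)
go func() {
	_, err := Decrypt(data, WithPassword([]byte("password")))
	done <- err
}()

select {
case err := <-done:
	assert.Error(t, err)
case <-time.After(time.Second):
	t.Fatal("Decrypt() took too much time")
}
```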
@@ -8,10 +8,10 @@ import (
 "strings"
 "time"
+ jose "github.com/go-jose/go-jose/v3"
+ "github.com/go-jose/go-jose/v3/cryptosigner"
+ "github.com/go-jose/go-jose/v3/jwt"
 "go.step.sm/crypto/x25519"
- jose "gopkg.in/square/go-jose.v2"
- "gopkg.in/square/go-jose.v2/cryptosigner"
- "gopkg.in/square/go-jose.v2/jwt"
 )
 // SupportsPBKDF2 constant to know if the underlaying library supports
@@ -301,10 +301,10 @@ func IsAsymmetric(k *JSONWebKey) bool {
 return !IsSymmetric(k)
 }
-// TrimPrefix removes the string "square/go-jose" from all errors.
+// TrimPrefix removes the string "go-jose/go-jose" from all errors.
 func TrimPrefix(err error) error {
 if err == nil {
 return nil
 }
- return errors.New(strings.TrimPrefix(err.Error(), "square/go-jose: "))
+ return errors.New(strings.TrimPrefix(err.Error(), "go-jose/go-jose: "))
 }
diff --git a/jose/types_test.go b/jose/types_test.go
index 2bee898e..3edd56d6 100644
--- a/jose/types_test.go
+++ b/jose/types_test.go
@@ -94,7 +94,7 @@ func TestTrimPrefix(t *testing.T) {
 wantErr error
 }{
 {"nil", args{nil}, nil},
- {"trim", args{errors.New("square/go-jose: an error")}, errors.New("an error")},
+ {"trim", args{errors.New("go-jose/go-jose: an error")}, errors.New("an error")},
 {"no trim", args{errors.New("json: an error")}, errors.New("json: an error")},
 }
 for _, tt := range tests {
diff --git a/kms/azurekms/key_vault_test.go b/kms/azurekms/key_vault_test.go
index 3b3dc7a8..7cb22934 100644
--- a/kms/azurekms/key_vault_test.go
+++ b/kms/azurekms/key_vault_test.go
@@ -14,11 +14,11 @@ import (
 "github.com/Azure/azure-sdk-for-go/sdk/azcore/cloud"
 "github.com/Azure/azure-sdk-for-go/sdk/azcore/policy"
 "github.com/Azure/azure-sdk-for-go/sdk/keyvault/azkeys"
+ "github.com/go-jose/go-jose/v3"
 "github.com/golang/mock/gomock"
 "go.step.sm/crypto/keyutil"
 "go.step.sm/crypto/kms/apiv1"
 "go.step.sm/crypto/kms/azurekms/internal/mock"
- "gopkg.in/square/go-jose.v2"
 )
 var errTest = fmt.Errorf("test error")
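Review bot: The doc comment on TrimPrefix in jose/types.go says it removes the string from "all errors", which overstates what the code does. The function strips only a leading `go-jose/go-jose: ` and always returns a fresh `errors.New` value, so the result does not wrap `err` and will not match the library's sentinel errors through `errors.Is`. An error that still carries the old `square/go-jose: ` prefix, if any remaining dependency produces one, would now pass through untrimmed. Suggested comment: `// TrimPrefix returns a new error whose message has the leading "go-jose/go-jose: " removed; the returned error does not wrap err.`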