dan
/
liminix
1
0
Fork 5
Code Issues 2 Pull Requests 1 Projects Releases Wiki Activity

tangc handle non-zero exit from jwe dec 

Sometimes it exits non-zero but decrypts the file *anyway*. It only
does this on the device and I haven't been able to reproduce on build,
so this is a workaround until we find the root cause
This commit is contained in:
Daniel Barlow 2024-09-01 09:57:38 +01:00
parent e590c0ad3f
commit 034d6aacc4
1 changed files with 9 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
pkgs/tangc/tangc.fnl
View File

@ -75,8 +75,15 @@
(.. (json.encode clt) " " (json.encode eph)))) (.. (json.encode clt) " " (json.encode eph))))
(fn jwe-dec [jwk ph undigested] (fn jwe-dec [jwk ph undigested]
(josep! ["jwe" "dec" "-k-" "-i-"] ;; sometimes jose jwe dec decrypts the file and exits
(.. (json.encode jwk) ph "." undigested))) ;; non-zero anyway. FIXME find out why
(let [inputstr (.. (json.encode jwk) ph "." undigested)
(exitcode out) (jose ["jwe" "dec" "-k-" "-i-"] inputstr)]
(if (> exitcode 0)
(: io.stderr :write (%% "jose jwe dec exited %d\n" exitcode)))
(if (not (= out ""))
out
(error (%% "jose jwe dec produced no output, exited %d" exitcode)))))
(fn parse-jwe [jwe] (fn parse-jwe [jwe]
(assert (= jwe.clevis.pin "tang") "invalid clevis.pin") (assert (= jwe.clevis.pin "tang") "invalid clevis.pin")